URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-08-24 22:47:49 | 13.223.25.84 | ec2-13-223-25-84.compute-1.amazonaws.com | Not listed | AS14618 AMAZON-AES |  US | yes |
| 2025-08-24 22:47:50 | 54.243.117.197 | ec2-54-243-117-197.compute-1.amazonaws.com | Not listed | AS14618 AMAZON-AES | US | yes |
| 2025-08-26 15:12:49 | 52.201.53.166 | ec2-52-201-53-166.compute-1.amazonaws.com | Not listed | AS14618 AMAZON-AES | US | no |
| 2025-08-26 15:12:49 | 98.82.42.139 | ec2-98-82-42-139.compute-1.amazonaws.com | Not listed | AS16509 AMAZON-02 | US | no |
| 2025-06-06 14:58:37 | 199.59.243.228 | Not listed | AS16509 AMAZON-02 | US | no | |
| 2025-04-27 15:19:37 | 66.29.132.127 | business141-4.web-hosting.com | Not listed | AS22612 NAMECHEAP-NET | US | no |
| 2020-08-20 19:41:48 | 199.188.201.77 | server275-2.web-hosting.com | Not listed | AS22612 NAMECHEAP-NET | US | no |
| 2020-08-13 19:35:04 | 51.89.20.92 | ns3143972.ip-51-89-20.eu | Not listed | AS16276 OVH |  GB | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-08-13 19:35:04 | http://nairapath.com/wp-includes/XmYO/ | Offline | doc emotet  epoch3 heodo |  Cryptolaemus1 |
The table below shows recent payloads delivery by this host.