URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-05-26 12:53:17	3.211.254.194	ec2-3-211-254-194.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-05-22 01:48:24	34.194.237.240	ec2-34-194-237-240.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-05-22 01:48:24	50.17.143.155	ec2-50-17-143-155.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-05-18 04:41:32	52.2.128.121	ec2-52-2-128-121.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-05-18 04:41:32	44.208.109.200	ec2-44-208-109-200.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-04-27 09:35:59	18.119.154.66	ec2-18-119-154-66.us-east-2.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-04-27 09:35:59	3.140.13.188	ec2-3-140-13-188.us-east-2.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-04-30 06:32:36	34.205.242.146	ec2-34-205-242-146.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-04-30 06:32:36	54.161.222.85	ec2-54-161-222-85.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2020-01-31 08:25:04	164.132.163.21	ns3038902.ip-164-132-163.eu	Not listed	AS16276 OVH	FR	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-01-31 08:25:04	https://passionbazaar.com/wp-content/multifunci...	Offline	doc emotet epoch1 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-02-01 04:30:53	dda76af8d395dccbe545d1229617376570b747b0bacfe5582b646f42937eb732	doc		Heodo
2020-02-01 03:20:49	b67d9a95a6a08ba02556971147227edd021913ba8358b4f59c86227d4b57f502	doc		Heodo
2020-02-01 01:58:47	db7f5b6d87d0f0ae4d1382c466452fa7957c4187f6a2c5604f3c40c326b2d627	doc		Heodo
2020-02-01 00:57:45	5a73104935659f63aa233afdd3583c6dc3087ec5804bd439dd0c189891986b6c	doc		Heodo
2020-02-01 00:10:55	0868d596c8affa141c596d7bfb80521df4e2147cacf37ce374b0cc357cfdfc2f	doc		Heodo
2020-01-31 23:56:45	16dc2ea6966445ff4b382ab180a5983bbe8513068550a030d7581fd6c0e46bd7	doc		Heodo
2020-01-31 22:25:43	964ade2e36826fb06c5ca21cd4cbbd3a11a8e21c195e323ae8cfd383543d1d93	doc		Heodo
2020-01-31 21:18:35	aebb8ef053c29de1aab7da94fc9873aee20eadcb51be762f73f08a2aa0cea7ba	doc		Heodo
2020-01-31 21:06:56	102bb1372b29549ac0ede4412630e0da7015a08f4d489e6c644f3b17c24598f7	doc		Heodo
2020-01-31 19:50:29	75a193ddb301d33ccb84b3ec9ac81a9bc61313864cafe25f23c10cd31e159587	doc		Heodo
2020-01-31 18:19:32	b8f61b7051e5cb28a6f514db68d873b863f74324defa9d63a2ee00cbed32c509	doc		Heodo
2020-01-31 16:48:25	3a1bb7b01c02be6e2e71fd83c2bb04835747b98aafc1ee772f88c618b5325d53	doc		Heodo
2020-01-31 15:24:29	075d1f5b7944bb5b788d8b9036b9ade54bf6cda3e8d6809c6846900039d90e18	doc		Heodo
2020-01-31 14:03:27	98d4100547490c9809f92a82a3afc57c4927ce1e84664bad304d005b9754a02f	doc		Heodo
2020-01-31 13:03:22	e7863425cfe23c40a2c40e179c1bd67eba047602a382158bb9458b1f52cbeec4	doc		Heodo
2020-01-31 11:54:21	94126672a1eae302832e65ad27da988191a1cfe19203434facd8fc6cda3605ad	doc		Heodo
2020-01-31 11:46:57	09c4e38f5ae89bb62c021442a2e76b9f572255957f80b6d5af3111d7d9623325	doc
2020-01-31 10:23:27	3519cd8b1d547e4f668fcd2760c5cb4cf74c70404ae4fc40b9ea83680c5fb675	doc		Heodo
2020-01-31 09:46:19	83adf17a21b247ab3da648cd23beffbe62adba8f6bc39585c8c132022be229c8	doc		Heodo
2020-01-31 08:25:04	cf478028a8a4afbe610af8c9c1587dec1c1dc4ec8a253cb98a15314e534c1c8e	doc