URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: prod2.saffyr.com
Domain registrar: HostGator
Domain registration date: 2014-11-25 18:26:47 UTC
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Control D HaGeZi: Not blocked
Firstseen: 2022-01-18 02:12:04 UTC
Total malware sites: 4
Online malware sites: 0 (0%)
Offline Malware sites: 4 (100%)
A record(s) observed: 4

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC) | IP address / Hostname | SBL | ASN | Country | Active?
2025-10-30 14:20:26 | 13.248.169.48 a904c694c05102f30.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 | US | yes
2025-10-30 14:20:26 | 76.223.54.146 a904c694c05102f30.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 | US | yes
2022-11-26 04:06:45 | 208.91.197.13 | Not listed | AS40034 CONFLUENCE-NETWORK-INC | VG | no
2022-01-18 02:12:06 | 162.214.224.135244000.agenceweb-jforjay.com | Not listed | AS46606 UNIFIEDLAYER-AS-1 | US | no

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | Reporter
2022-01-21 03:17:10 | http://prod2.saffyr.com/Fox-C404/CDQLYAeSg9Jljt... | Offline | doc emotet ext epoch4 heodo ext SilentBuilder | Cryptolaemus1
2022-01-21 03:17:10 | http://prod2.saffyr.com/Fox-C404/CDQLYAeSg9Jljt... | Offline | emotet ext epoch4 redir-doc xls | Cryptolaemus1
2022-01-18 02:12:11 | http://prod2.saffyr.com/assets/bqgE/ | Offline | emotet ext epoch4 redir-doc | Cryptolaemus1
2022-01-18 02:12:06 | http://prod2.saffyr.com/assets/bqgE/?i=1 | Offline | doc emotet ext epoch4 heodo ext SilentBuilder | Cryptolaemus1

The table below shows recent payloads delivered by this host.
