URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	promofm.com
Domain registrar:	Namecheap
Domain registration date:	2022-01-14 06:06:26 UTC
Abuse complaint sent to registrar:	Yes (2022-01-18 11:27:02 UTC to abuse{at}namecheap[dot]com)
Domain registry:	VeriSign Global Registry Services
Abuse complaint sent to registry:	Yes (2022-01-18 11:27:02 UTC to info{at}verisign-grs[dot]com)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-01-18 11:24:03 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	15

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-06-23 18:33:15	13.248.169.48	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	yes
2025-06-23 18:33:15	76.223.54.146	a904c694c05102f30.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	yes
2025-09-06 09:15:30	166.117.110.61		Not listed	AS16509 AMAZON-02	US	no
2025-09-06 09:15:30	99.83.161.153	a2b7bf3398455f345.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-09-18 21:46:52	15.197.148.33	a2aa9ff50de748dbe.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-09-18 21:46:52	3.33.130.190	a2aa9ff50de748dbe.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-04-27 19:32:22	199.59.243.228		Not listed	AS16509 AMAZON-02	US	no
2023-04-20 07:25:08	172.96.191.192	172.96.191.192-static.reverse.arandomserver.com	Not listed	AS59253 LEASEWEB-APAC-SIN-11	SG	no
2023-04-08 13:07:29	188.114.96.3		Not listed	AS13335 CLOUDFLARENET	n/a	no
2023-04-08 13:07:29	188.114.97.3		Not listed	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-01-18 11:25:04	https://promofm.com/wp-content/JlI1UgLT31Nh1IpO...	Offline	emotet epoch4 redir-doc	Cryptolaemus1
2022-01-18 11:24:20	https://promofm.com/wp-content/JlI1UgLT31Nh1IpO...	Offline	doc emotet epoch4 heodo SilentBuilder	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-01-18 20:58:07	95141c557c2da97c647844e7c27133e0f8ba49907e167088ad774ed57e950294	xls		SilentBuilder
2022-01-18 20:41:20	0c2fe7f75dc52fa0a130eaf8bb9f2b4557364a0920e6a1c69305677d87ca4afc	xls		Heodo
2022-01-18 20:39:30	23818d020226a4e303ac78cb6d0a405c556ac097e43103924139863457ce57a4	xls		Heodo
2022-01-18 20:22:48	f41ec4b22a26f1a4f48f59ab394c650f24c4f44ee6bec9a108bd381c0b7c530a	xls		Heodo
2022-01-18 20:02:01	7aa9c6f8262331cf9c8ebdca556c1d388cb4f7e602ed8b8a5f4e1855b1f87119	xls		Heodo
2022-01-18 19:50:39	db3cdb2ac31dead6ed8c92e15387433f9d1f1e22bced252500894becaf2f2cb5	xls		Heodo
2022-01-18 19:34:04	ed7b7b714357d1a175b514b76cbf5147ede66ace8298383c6b280e08917b4a63	xls		Heodo
2022-01-18 19:18:09	84f5c4c9612d301ba12603f53c640782b202958246bbd8872741a56727356d50	xls		Heodo
2022-01-18 19:12:57	72c86aa317ab7faa997935b084336233629d3bfd686c0d3b187d9b3817db2219	xls		Heodo
2022-01-18 18:59:43	a86bee361ac332eb884025ac663421c25b4df9b67524b61daf6d0f47981ea3a8	xls		Heodo
2022-01-18 18:40:56	2ac5ab393ba3fad0d1d2b2bb830dbfa05aea37cf4678cf4810d36df3dc1b8ee0	xls		Heodo
2022-01-18 15:56:27	e6a55d3065b29b2634244c18d442d767860dde8b31b384e78ffa5a532f690a08	xls		SilentBuilder
2022-01-18 15:38:59	87a3b10f55f64b9ad36bcbaeeba95d11ded3d3e7d1e40b2fde1106e4893c8237	xls		Heodo
2022-01-18 15:21:20	8cf0d4b6f46140310d23a11ccea9f0432cba82e2a5f06e26dc351a849e043c53	xls		SilentBuilder
2022-01-18 15:15:58	2b602d2295ecce099afe885b2bd744337e5602f3300728e6b1e88438f7788455	xls		SilentBuilder
2022-01-18 14:55:56	17c6c45571007ecbe44b50fafd5222e9fd161646f082d066f7fee48fe727ee5a	xls		Heodo
2022-01-18 14:38:58	33d2af0373f1662863398e935a3130ca56d7fcd1cd61e2963dc3c70adf85032c	xls		Heodo
2022-01-18 14:26:21	2de97a93ab7dd5aeefda020a0447b400f6c7bb15212d4a6f096967e5ba910f01	xls		Heodo
2022-01-18 14:16:54	ee5f67811826c99bf20139cb20c4927a5ece12e158dbcaf0eb0fdb0dd00cb87e	xls		Heodo
2022-01-18 14:00:29	203afcf45c6c4b26213d835ba1164816c6c5ff9617e763481ecbd90481f1c581	xls		Heodo
2022-01-18 13:44:37	28c65d1f9eccc96780983180a3c32b0c8b5f65c97d06375841c3b01b1c8f616a	xls		SilentBuilder
2022-01-18 13:31:46	b5826a1bcd5ab4363b49cbb87facbe2d6cd4ff7cc2ad56db37c3bcce6f794edb	xls		Heodo
2022-01-18 13:21:49	f386fa8e712fec7fdf912fa73704a375be4db32562d3c74d8069036f2d6d50e8	xls		SilentBuilder
2022-01-18 13:03:50	bbb0d9096b57b510f84f8b3100abcfa22d6b39dbdd0d182d403e6b78db9b4cff	xls		Heodo
2022-01-18 12:59:01	c4d6824a33dd865ea6e4813de15d4783237ea71a7040c537bf283d44565d198a	xls		SilentBuilder
2022-01-18 12:40:52	742e4e61e724ce6d7ff5062cfcfa8e0022ed8efae93831bdac36fd47bae4a51a	xls		SilentBuilder
2022-01-18 12:27:06	1779463f218d2d34d1f5c91c10f22ad041cdb7d11213e32e99dcbfb02b72ee02	xls		SilentBuilder
2022-01-18 12:15:32	2344e1b56f2fbbeb4e83627c4b76ee3a66c264a7c2c5905e90c592506488030f	xls		SilentBuilder
2022-01-18 12:03:56	db2524a38755745b796339f2a7fb4e42dba8341984ce35ea715923742a725315	xls		SilentBuilder
2022-01-18 11:49:58	bb03708424d81d0d854321db58bf2b8b53e14bfb0370bb212a75d9f7bd7ebf46	xls		SilentBuilder
2022-01-18 11:36:05	2dc2a41823b6a6c96530697177ee9be6343c4d95f4a71ae29bf678fddce82bb3	xls		SilentBuilder
2022-01-18 11:25:04	a93a0a031d974a128fa11a60714e833acc67ec7ef3385810e7481878ce34d6d5	html
2022-01-18 11:24:19	70730b2e2b915460b29f280979de96339912418a1c5dcea03e8c5b9add9b291e	xls		Heodo