URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-03-20 13:43:12	54.226.201.41	ec2-54-226-201-41.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-02-11 23:48:38	34.102.136.180	180.136.102.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2022-11-19 15:23:49	34.98.99.30	30.99.98.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2022-06-11 13:06:54	76.76.21.21		SBL688052	AS16509 AMAZON-02	US	no
2022-04-21 10:05:31	108.179.253.179	br590-ip05.hostgator.com.br	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no
2021-03-24 15:07:20	50.116.113.57	50-116-113-57.unifiedlayer.com	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-03-24 15:07:20	https://querocar.com/x9dysfm.rar	Offline	Dridex	reecdeep

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-03-25 03:58:44	344b0c9513004b3db07f3ffb46ec8fa975f1b980fec9654bf4cbe1782cfcc4f4	dll		Dridex
2021-03-24 20:25:51	ed5fb363f765e5ebf27d230bbe96cdb77be2a424ff7b7008a70ab3f2a56c25e4	dll		Dridex
2021-03-24 17:48:47	532ce5b53bd2a7ef01be953f374d442b693600341db0adc47fd411fd8e7bf4db	dll		Dridex
2021-03-24 15:51:30	db868f7c31fdd547c5ee758b1d088404dc721607b85ebd2a4b4b869705746410	dll		Dridex
2021-03-24 15:07:19	affbeee207af41f2f83fdaf5c655921f0e2af76eab702b9470c177429e863885	dll		Dridex