URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-19 15:55:30	162.159.140.166		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-09-11 21:17:21	74.208.236.195	74-208-236-195.elastic-ssl.ui-r.com	Not listed	AS8560 IONOS-AS	US	no
2022-03-03 18:51:13	67.227.226.240	lb01.parklogic.com	Not listed	AS32244 LIQUIDWEB	US	no
2022-09-16 16:33:38	50.28.32.8	peacock.parklogic.com	Not listed	AS32244 LIQUIDWEB	US	no
2022-02-27 19:14:15	34.102.136.180	180.136.102.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2022-01-21 18:21:49	34.98.99.30	30.99.98.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no
2021-10-01 04:13:04	148.66.138.114		Not listed	AS26496 AS-26496-GO-DADDY-COM-LLC	SG	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-10-01 04:13:04	https://reclaimyourriches.com/images/leaders/WC...	Offline	32 exe RedLineStealer	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-10-02 12:28:41	ee3a537e93bb22332bf7e3f8d9286870208f7fd75ce60ce91ae23f87901b22eb	exe		RedLineStealer
2021-10-01 22:47:58	87d447a15d1d9d9852ee777d23420054994264a2d78a4399e67059daa8b42912	exe		RedLineStealer
2021-10-01 11:21:26	aeb4122591d2076f47911982e236055ef732880c132cc56c902618d556762456	exe		RedLineStealer
2021-10-01 04:13:04	5b1d9e756ba63d14a11bb2f66be3aa1ddd3f6ff7cfb7e21e4cc020862088744a	exe		RedLineStealer