URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 09:47:58	23.254.202.116	hwsrv-1087112.hostwindsdns.com	Not listed	AS54290 HOSTWINDS	US	yes
2022-05-21 03:46:33	103.87.173.132	dev.prefix.solutions	Not listed	AS146943 TIER4CLOU-AS	IN	no
2021-01-25 16:41:29	188.208.140.157	linux3.rapiddeal.in	Not listed	AS132335 LEAPSWITCH-IN-AS-AP	IN	no
2021-03-07 11:37:10	209.99.40.222	209-99-40-222.fwd.datafoundry.com	Not listed	AS23005 SWITCH-LTD	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-01-25 16:41:29	http://redbats.co.in/nuzx6o.zip	Offline	Dridex dropper	Myrtus0x0

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-02-05 19:26:33	7e4484cc74b39c84caa11ddaa7ac523036f516b091edd15060a7ded9e2494d23	dll
2021-01-26 11:49:29	b6cf019dca618ebc676b84c40846e0a9a2050689b35845af2f12a93442fb25e8	dll		Dridex
2021-01-26 05:55:55	81222472b041091fc7af2308fee853b197d8b6dd0010dada181c153998535dd0	dll		Dridex
2021-01-25 20:59:28	5f5bea792adc24979fde02125541d92934b19de7590ec132f26fa7c8e8ea97c5	dll
2021-01-25 19:50:16	146347c87193f4a89fb4bdf2e1a9a2f366687eb0430720ffa7bab1dfd8437ae5	dll
2021-01-25 18:35:25	4d8c2d2475582c8216e6292327b028868e3506ddb252b8184127f698a5920f91	dll		Dridex
2021-01-25 17:40:54	a10d6a433874eb64d03ccf1a0c45d94cbe62c00646088da013f983859c4aafd7	dll		Dridex
2021-01-25 16:41:29	0b3e6ada39214664cac30a55a1502a76f040b23b569a205504369372c9a36c8a	dll		Dridex