URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 11:09:22 | 15.197.148.33 | a2aa9ff50de748dbe.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 |  US | yes |
| 2025-04-27 11:09:22 | 3.33.130.190 | a2aa9ff50de748dbe.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 | US | yes |
| 2023-04-22 18:37:46 | 91.195.240.94 | Not listed | AS47846 SEDO-AS |  DE | no | |
| 2022-01-25 09:23:09 | 131.153.37.3 | svr157.fastwebhost.com | Not listed | AS20454 SSASN2 | US | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-01-26 14:19:09 | http://sashapieterse.net/bb/KwD.exe | Offline | exe Formbook  opendir |  abuse_ch |
| 2022-01-25 10:53:07 | http://sashapieterse.net/k66/F5r.exe | Offline | 32 exe Formbook |  zbetcheckin |
| 2022-01-25 09:23:09 | http://sashapieterse.net/f9/rfq.exe | Offline | exe Formbook opendir | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2022-01-26 14:19:08 | 4102936b0b54529eb3be257a0ed5a222149bf146da96cd75b77e1dd2be614f9b | exe | Formbook | |
| 2022-01-25 10:53:07 | 11b121ba849ce2438d07acd369c8d73e229279af58ea1dc5cbed24849f611e3a | exe | Formbook | |
| 2022-01-25 09:23:09 | c08281aad469530583f8216b4e4fa73c2f94807b680ae7407662ea08641dc8e1 | exe | Formbook |