URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-28 00:19:40 | 168.119.79.98 | node1.indservers.com | Not listed | AS24940 HETZNER-AS |  DE | yes |
| 2025-10-13 17:43:10 | 13.248.213.45 | a67c48129651a0940.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 |  US | no |
| 2025-10-13 17:43:10 | 76.223.67.189 | a67c48129651a0940.awsglobalaccelerator.com | Not listed | AS16509 AMAZON-02 | US | no |
| 2022-01-11 18:12:05 | 162.214.156.4 | cloud.servers800.com | Not listed | AS46606 UNIFIEDLAYER-AS-1 | US | no |
| 2022-10-14 00:37:41 | 34.98.99.30 | 30.99.98.34.bc.googleusercontent.com | Not listed | AS396982 GOOGLE-CLOUD-PLATFORM | US | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-01-11 18:12:05 | http://sidhgroup.in/b/TdiQyGn5E/?i=1 | Offline | doc emotet  epoch4 heodo SilentBuilder |  Cryptolaemus1 |
| 2022-01-11 18:12:05 | http://sidhgroup.in/b/TdiQyGn5E/ | Offline | emotet epoch4 redir-doc xls |  waga_tw |
The table below shows recent payloads delivery by this host.