URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-01-27 14:22:26	107.180.13.247	247.13.180.107.host.secureserver.net	Not listed	AS26496 AS-26496-GO-DADDY-COM-LLC	US	no
2021-06-01 01:30:29	34.98.99.30	30.99.98.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-01-27 14:22:26	http://test.grupokeithmar.com/xkp369t.zip	Offline	Dridex	stoerchl

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-01-28 15:25:43	ff0efdad65d67bb34986f4be712f63ebb994dfa2fbec699a5ee2693688be6463	dll		Dridex
2021-01-28 06:40:26	4b22e26ecabb2ef46aa6dd284d81c6cf6689e64c6bcbe29e2645663a062b3ffc	dll		Dridex
2021-01-27 20:55:09	b6669b0677186d99b92663c86ac5c035884271e4fa76aaa9fa054dcc3d13969c	dll		Dridex
2021-01-27 18:31:22	e3c263cc78e35dc7442aff896068b7ed5e79abfc3f083a2ae813171a5fd7bac8	dll		Dridex
2021-01-27 17:27:25	d22ad6672baa9d1947a2fb59d4da6ad94dd1ffca720fa060d84ea6d2dbf7a964	dll		Dridex
2021-01-27 16:24:52	e58605284b9af2bfe1f5d32ffeb2a93d6e610001ed43fe6db62e8668254d1061	dll		Dridex
2021-01-27 15:37:24	609bdf4a236231539cc2ed813319888615c646eddc20e2b559efa0e6e236bff4	dll		Dridex
2021-01-27 14:22:26	4f274c3735228530f821d63949e0cf14f39c162c143f1465fb3b8585b4315be1	dll		Dridex