URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-06 07:54:44	23.227.38.72		Not listed	AS13335 CLOUDFLARENET	CA	yes
2022-02-12 07:48:27	23.227.38.65	myshopify.com	Not listed	AS13335 CLOUDFLARENET	CA	no
2022-01-28 09:05:15	161.97.110.227	vmi874329.contaboserver.net	Not listed	AS51167 CONTABO	FR	no
2022-01-26 08:41:26	161.97.73.12	ip-12-73-97-161.static.contabo.net	Not listed	AS51167 CONTABO	FR	no
2022-01-17 21:13:34	131.153.22.164		Not listed	AS60558 SECUREDSERVERS-EU	NL	no
2022-01-14 17:57:27	173.249.48.203	ip-203-48-249-173.static.contabo.net	Not listed	AS51167 CONTABO	FR	no
2022-01-12 17:41:32	154.53.57.93	vmi1344666.contaboserver.net	Not listed	AS40021 CONTABO-40021	US	no
2022-01-09 12:09:06	94.250.202.36	ip-36-202-250-94.static.contabo.net	Not listed	AS51167 CONTABO	FR	no
2022-01-06 16:51:36	62.171.130.84	ip-84-130-171-62.static.contabo.net	Not listed	AS51167 CONTABO	DE	no
2021-12-21 03:01:00	69.49.245.242	69-49-245-242.webhostbox.net	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-04-09 15:43:04	http://thebabybasket.co.uk/windoc/grace/Tepic.exe	Offline	Agenttelsa AgentTesla	James_inthe_box

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-04-09 15:43:04	246a80477c659a3d29e39e00bfb4775217507c1cebdb3c9816c905a5d6d68535	exe		AgentTesla