URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-14 21:40:48	23.106.50.53		Not listed	AS59253 LEASEWEB-APAC-SIN-11	SG	yes
2025-10-15 17:31:42	139.144.119.143	sin2.hostclusters.com	Not listed	AS63949 AKAMAI-LINODE-AP	SG	no
2021-06-17 07:42:07	18.136.132.202	ns2.iisol.org	Not listed	AS16509 AMAZON-02	SG	no
2025-10-09 12:46:22	91.195.240.94		Not listed	AS47846 SEDO-AS	DE	no
2021-10-12 11:44:26	34.98.99.30	30.99.98.34.bc.googleusercontent.com	Not listed	AS396982 GOOGLE-CLOUD-PLATFORM	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-06-21 19:40:06	https://tricommanagement.org/fonts/font-awesome...	Offline	Dridex opendir	Cryptolaemus1
2021-06-17 07:42:07	https://tricommanagement.org/fonts/font-awesome...	Offline	CobaltStrike	info_sec_ca

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-03-13 02:03:13	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	unknown
2022-03-13 01:30:54	7a6837edc95157d66dd3bfec81ada8dbcf1601942b049da150e371b847eefea8	unknown
2021-06-17 08:47:13	407eed9aa2c05b67f0bbbcb87f73aac7952a468129f264ed2d42437f78df7b70	dll		CobaltStrike
2021-06-17 08:29:58	434c246d2be81c0a28aea4b865656de223e083ce670581843cff4c67d66da0cc	dll		CobaltStrike
2021-06-17 07:42:06	c3163389f8926bb33178e27ad11af95395955da44380a4ffd84ef7f8af135c1e	dll		CobaltStrike