URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name). This page shows all malware URLs that are associated with the host www.xn--4dkp5a8a8393c2odvw9a9p6aoy8a.com.

Database Entry

Spamhaus DBL: Not listed
SURBL: Not listed
Firstseen: 2018-05-14 15:51:34 UTC

IP addresses

The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including all historical ones).

Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active?
2018-07-28 12:49:20 | 52.25.92.0 | ec2-52-25-92-0.us-west-2.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 - Amazon.com, Inc. | US | no
2018-07-28 06:23:14 | 54.65.172.3 | ec2-54-65-172-3.ap-northeast-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 - Amazon.com, Inc. | JP | no
2018-05-14 15:51:40 | 157.7.188.155 | users167.heteml.jp | Not listed | AS7506 INTERQ GMO Internet,Inc | JP | no

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | GSB | Reporter
2018-05-14 15:51:40 | http://www.xn--4dkp5a8a8393c2odvw9a9p6aoy8a.com/update.php | Offline | AgentTesla GandCrab heodo Loki Ransomware Ransomware.GandCrab | Clean | @JAMESWT_MHT