URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-05 03:47:44	91.195.240.13		Not listed	AS47846 SEDO-AS	DE	yes
2025-06-28 08:00:40	52.4.148.156	ec2-52-4-148-156.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-07-02 12:40:44	18.233.137.190	ec2-18-233-137-190.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-06-28 08:00:40	44.220.108.2	ec2-44-220-108-2.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-06-27 00:16:44	3.93.249.75	ec2-3-93-249-75.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-04-27 12:29:05	103.224.212.215		Not listed	AS133618 TRELLIAN-AS-AP	AU	no
2025-06-09 06:25:54	3.210.147.83	ec2-3-210-147-83.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-06-09 06:25:54	54.163.66.91	ec2-54-163-66-91.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2025-06-01 10:47:56	13.216.97.21	ec2-13-216-97-21.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-05-29 09:23:28	54.237.116.149	ec2-54-237-116-149.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-07-02 18:17:05	https://www.zaidalomar.com/wp-includes/sodium_c...	Offline	Dridex	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-07-02 18:38:01	6785c64a1bdc72a4c27cf21a478807dac184463945dbec21b3593577335d050c	dll		Dridex