URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-02 06:18:35	13.248.243.5	a16e665f42988324c.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2025-11-02 06:18:35	76.223.105.230	a16e665f42988324c.awsglobalaccelerator.com	Not listed	AS16509 AMAZON-02	US	no
2021-01-18 21:31:25	184.168.131.241	241.131.168.184.host.secureserver.net	Not listed	AS26496 AS-26496-GO-DADDY-COM-LLC	US	no
2020-09-25 05:57:41	35.213.138.9	9.138.213.35.bc.googleusercontent.com	Not listed	AS15169 GOOGLE	SG	no
2020-09-23 07:10:15	172.67.189.73		Not listed	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-09-23 22:26:06	http://youtube-monetization.com/qrnsp/2v/	Offline	emotet epoch2 exe heodo	Cryptolaemus1
2020-09-23 07:10:15	http://youtube-monetization.com/wp-admin/Docume...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-09-23 22:26:06	166adb615416b6938a83c6204b96f4e4485bef20b5f8f9a2591468bc1c31586d	exe		Heodo
2020-09-23 07:47:29	93fddf6220e95dc443df2a8bea1bd77d75a502ca3d7ba4428a6f7eccdf3c659e	doc		Heodo
2020-09-23 07:28:25	c482b94b35c677f27e5911c44179f984768ceca5388c34e6b5bdafa23dac794b	doc		Heodo
2020-09-23 07:10:14	80345dcdae23c5209ca98dc5266bfd4e989d51223a302e41c5193bde6c6544f9	doc		Heodo