URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-14 15:52:48	104.21.17.244		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-11-14 15:52:48	172.67.178.226		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-28 21:42:44	188.114.96.3		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-04-28 21:42:44	188.114.97.3		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-05-25 00:09:08	104.21.82.161		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-05-25 00:09:08	172.67.159.90		Not listed	AS13335 CLOUDFLARENET	n/a	no
2020-08-20 12:39:25	154.208.96.19		Not listed	AS11404 AS-WAVE-1	US	no
2020-08-17 13:41:13	23.234.41.152		Not listed	AS134548 DXTL-HK	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-08-17 13:41:13	http://1win365.com/wp-admin/multifunctional-res...	Offline	doc emotet epoch1 heodo	spamhaus

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-08-17 16:59:33	8a346d540cf74e5dd42aa37659347c7620b972f541ed167bf4ffe7cfcacfe5e5	doc		Heodo
2020-08-17 16:44:25	dbecd98d9fd1626b3aa562d063ba66033db39d1b8e846afe8634d738feeda550	doc		Heodo
2020-08-17 15:12:06	b8c4ae9395ce9c082cbe508326bbc7a8bc329dd318b3034fde610276c5d2e102	doc		Heodo
2020-08-17 13:41:10	5488ced86c0349f218ebe8ee794bcca48f54e48b1be0335d03602d5a8b99a90a	doc		Heodo