URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-06 02:02:57	185.107.56.208		Not listed	AS43350 NFORCE	NL	yes
2025-11-02 08:13:10	82.192.80.79		Not listed	AS60781 LEASEWEB-NL-AMS-01	NL	no
2025-10-08 18:11:20	185.107.56.210		Not listed	AS43350 NFORCE	NL	no
2025-11-01 01:15:05	82.192.80.80		Not listed	AS60781 LEASEWEB-NL-AMS-01	NL	no
2025-10-14 20:55:15	185.107.56.207		Not listed	AS43350 NFORCE	NL	no
2025-08-18 06:56:38	77.247.179.91		Not listed	AS43350 NFORCE	NL	no
2025-05-25 07:54:57	77.247.179.90		Not listed	AS43350 NFORCE	NL	no
2025-10-12 10:31:51	185.150.189.123	emails.victorkaiser.com	Not listed	AS23470 RELIABLESITE	US	no
2025-10-03 10:47:40	185.150.189.166	ny-117.vshield.pro	Not listed	AS23470 RELIABLESITE	US	no
2025-06-04 10:39:39	77.247.179.87		Not listed	AS43350 NFORCE	NL	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-16 20:46:04	http://alibabamakemerich.com/wp-includes/esp/ed...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-10-18 02:25:02	360a5cb7eed923017b4ef07460e7652362cdf1fc0a902516addbb8e244e30134	doc		Heodo
2020-10-16 20:46:04	00ca7ef024a663527f5295900154321d98f6422070bbdf2c9c2abe268370b811	doc		Heodo