URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-09 16:26:02	162.241.61.204	162-241-61-204.unifiedlayer.com	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	yes
2025-04-30 09:18:00	195.250.27.131	p4050.mex1.stableserver.net	Not listed	AS211126 WHG-MEX	MX	no
2020-08-11 09:57:06	207.148.0.174	207.148.0.174.vultrusercontent.com	Not listed	AS20473 AS-VULTR	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-08-11 09:57:06	http://decapsis.com/administrator/protected_res...	Offline	doc emotet epoch1 heodo	spamhaus

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-08-11 12:03:05	b6996cae658283af7922ab5b0c3a2e16fb4fafbe641c818ff651053bb7836342	doc		Heodo
2020-08-11 11:44:00	23315f65b06123e965e1949c08085c097b3efc919a3807955cd3e1acc596e809	doc		Heodo
2020-08-11 11:15:44	29d67f5bde2807da0a4316463578997237825ad1a5e219e2dc5d9c4efa4cf3e1	doc		Heodo
2020-08-11 10:55:50	f680090987b21b32b1b79195b479f3bb74ae2e1507572e091736a055335597bd	doc		Heodo
2020-08-11 10:25:29	a6913ae8ba43c0a8e7e2b3ad3e2623096c45be801d9274e6162c679cb4fd80e7	doc		Heodo
2020-08-11 10:08:58	a72210e93b8fbc11a25dec4ea2f7d6f637a31a66e36a71a9b1c9ef71aed2b62e	doc		Heodo
2020-08-11 09:57:06	e110bbd4a3f29fa7c662bf2dc8a9c59cdf48bca88ea30bbb6d4ff9e1a84dabef	doc		Heodo