URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	excess.web.tr
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2020-07-22 17:48:03 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	5

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-28 01:54:45	217.18.85.52	server52.tr85.dhs.com.tr	Not listed	AS201233 dhs	TR	yes
2021-05-22 19:26:40	185.254.28.2	host-185.254.28.2.routergate.com	Not listed	AS215645 AS209737	TR	no
2021-02-19 01:13:34	185.136.207.82		Not listed	AS211995 a2z	AZ	no
2020-10-28 20:55:24	185.207.39.227	www.fiberserver.net.tr-www.fiberltd.net	Not listed	AS203377 FiberNET-Teknoloji-LTD	TR	no
2020-07-22 17:48:04	77.92.90.190	av-nur.com	Not listed	AS13213 UK2NET-AS	GB	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-07-28 08:53:03	http://excess.web.tr/docs/4uzog3fpr27/	Offline	doc emotet epoch2 heodo	Cryptolaemus1
2020-07-22 17:48:04	http://excess.web.tr/font/FILE/	Offline	doc emotet epoch2 heodo	spamhaus

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2020-09-01 01:30:58	dcab281c030ca8ebd833b95d2379df634eec571e1ae19b6aad70ae1a0eb2e07e	doc	Heodo
2020-07-28 11:15:43	7880dbee79353af6a070ba20eda972b3ef7abad67d3c309d064ced44676ed6e4	doc	Heodo
2020-07-28 10:53:13	23c51d3c717104427e3ee990c8db28900701083c086707b24493ad7f9968be97	doc	Heodo
2020-07-28 10:36:45	69314a5a40529facfde61bb78562869e4ca9a67ba69a3028d376a265e174ea6c	doc	Heodo
2020-07-28 10:32:46	2840dbe68611c23040d1bcd78b9473dcd48de959c93280ee78f105b5af51fe75	doc	Heodo
2020-07-28 10:17:34	8b8b2829eec27c2687e1e4dfb190e65d66875564f241e73d6229909a552a510c	doc	Heodo
2020-07-28 09:56:59	26906041efdeafb6c1754eac8dff97abf079148816f1121ef92bfaed0a6e9991	doc	Heodo
2020-07-28 09:38:45	c10d1d7b7a6bdcee31e7e98ee8290a37d2c50a27aac7c20a64d41629c88b622d	doc	Heodo
2020-07-28 08:53:03	b12900d634708edaefd0ef99628c89ac7fc197c02ad83d8ccd8bc3a90dcf6d78	doc	Heodo
2020-07-22 17:48:04	25737bcaa6c0c46693fcd5eef40857305f06e0527275a7135f1ec1c2505102cc	doc	Heodo