URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-08 15:33:07	185.220.244.29	charon.artera.farm	Not listed	AS12637 SEEWEB	CH	yes
2025-04-30 12:20:01	49.13.51.7	cp2.wareserv.com	Not listed	AS24940 HETZNER-AS	DE	no
2020-09-03 19:13:34	82.220.91.43	mtebar.mifaweb.net	Not listed	AS9044 SOLNET	CH	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-09-03 19:13:34	http://farmaciaarcobaleno.ch/wp-snapshots/PNXFH...	Offline	emotet epoch3 exe heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-09-03 21:07:37	2499dd5932195522d821f1b6372a30d0112ae63c2cf42f015c70d032c9f00071	exe		Heodo
2020-09-03 20:51:28	7c6896299a28a8ea854029d4942d9bbbc887cf0e3dcc89f80797160539a9b84c	exe		Heodo
2020-09-03 20:30:32	6a1b713157ec7ee5812c3e5f5c97ac337acbe2a61d436adf7e8c92f42b9003f5	exe		Heodo
2020-09-03 20:24:38	abc422eb83cccf4ab4cf3e65d1d1e8596af8b0618215f2f56aa60f8e1b56ac47	exe		Heodo
2020-09-03 19:58:56	5dce985765fe8e2815508c94ae5a2e0516ec554c326ba9058b961a0a8471b5bd	exe		Heodo
2020-09-03 19:39:57	0174e322dacb386921d334e5d220629fe16ca69eca59f843ae6ccf25e39d1838	exe		Heodo
2020-09-03 19:13:33	edaa589be83469406cdb9c77475be867316a3a75e995227288d9e13a00692133	exe		Heodo