URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	geomodelling.rs
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2020-08-28 22:12:06 UTC
Total malware sites :	1
A record(s) observed :	2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-23 10:51:18	185.22.147.2	ares.saltedbite.cloud	Not listed	AS57595 NETLOGIC-AS	RS	yes
2020-08-28 22:12:08	176.221.75.131	cpanel.nlnet.rs	Not listed	AS57595 NETLOGIC-AS	RS	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-08-28 22:12:08	http://geomodelling.rs/sitetarget/docs/bxdrj1c/	Offline	doc emotet epoch2 heodo	spamhaus

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2020-08-29 00:01:45	2b8c2b9a9c7d844ed52ed9144f940f325bccce6ad4c74c524b4470ee94a583ff	doc	Heodo
2020-08-28 23:48:36	933af4898a9ce638e04dbcf02e075e9f7eecf02ab22cebc4488517cd415e1c71	doc	Heodo
2020-08-28 23:33:39	f5d308b615528818047b9010074fd219d6248ce43aff167bcc0bbb56a6d45504	doc	Heodo
2020-08-28 23:21:34	aef46f7e71936aca8da4fff081f587fe6293f09dac7b27fc70f372088eff86f5	doc	Heodo
2020-08-28 23:05:04	167504fd75c887fa1e091030f6f8899e57917c86c6e455c8f7fe99b378bb5f71	doc	Heodo
2020-08-28 22:48:40	3e8f3a7d0d0ce8e8ab7b5363b9c12f3219bd75974ac09118344ccc9c2b727727	doc	Heodo
2020-08-28 22:12:08	e5cbe16ff82c0a8778906a889f99a6cc41def9921e1944cf107eab74e277559b	doc	Heodo