URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-05-02 03:30:41	85.158.232.135		Not listed	AS6730 SUNRISE	CH	yes
2022-08-16 18:54:00	185.136.120.30	120030.vivanet.cloud	Not listed	AS204631 VIVANET-AS	CH	no
2022-03-30 22:12:04	185.136.120.100	120100.vivanet.cloud	Not listed	AS204631 VIVANET-AS	CH	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-03-30 22:12:04	http://hausgemachtes.ch/wafx_res/67K8Mj0OezOZZh...	Offline	emotet epoch4 heodo xls	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-03-31 07:18:56	894658b992050ab6d7ee061f083a48264ce56c1b4fbc5ac87c142765405a47f7	xlsm		Heodo
2022-03-31 06:00:02	a1057f814e603d7b7ff7b711305cac0ef15e48b78499802d411424a19ee235f8	xlsm		Heodo
2022-03-31 05:29:07	9098c46a233798193c0587711f5a9be2a4aa97567db08504452748dde516053a	xlsm		Heodo
2022-03-31 01:35:02	652a3348b8cc258826c44ec6e135a18779b75bf7b8f9aec2dae1726bb793acc5	xlsm		Heodo
2022-03-31 00:23:43	d0e1bf9a8969b0e7856ed1015033cef4c745a120413c76d61b1560e323de2359	xlsm		Heodo
2022-03-31 00:05:18	30966974e86a66616cc16777afa85aae655f75123db0418c503c03e389091e69	xlsm		Heodo
2022-03-30 22:59:07	39bbb570609ea300f9d959dcf23f2161043c6dedc230f97e7eab2388db651831	xlsm		Heodo
2022-03-30 22:12:03	fd0dfb80a1cb4bbdef0cf9b9a2503563ed8679d88a305b246dce39b58a105bf7	xlsm		Heodo