URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-30 19:07:01	107.6.136.42	amsr201.websitehostserver.net	Not listed	AS32475 SINGLEHOP-LLC	US	yes
2020-08-25 17:25:12	198.20.120.146	rrugadrejtsuksesit.com	Not listed	AS32475 SINGLEHOP-LLC	NL	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-08-28 06:41:12	http://invoice.ae/cuhqw/	Offline	emotet epoch3 exe heodo	Cryptolaemus1
2020-08-25 17:25:12	http://invoice.ae/invoices.ae/Documentation/mf3...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-08-28 07:50:12	e297b1ed360e120fb503e7923e63cdff5130f6968b99e9da5f17520ffb0ec0ba	exe		Heodo
2020-08-28 07:22:03	097d6ea5e891028dc22b4a5a26d5d9bbdc28c6ec248068a020a03a16df614d0e	exe		Heodo
2020-08-28 07:01:33	026b95da54749171bc599bf24db640abfd1ed4edbac2b4a7ed85b0f57d5bfef4	exe		Heodo
2020-08-28 06:41:12	e19ae0d0c17386ee8e5278be92f29a8f0f98d170376a6ec1e4abb7095c329aa5	exe		Heodo
2020-08-25 18:38:34	cd5de7d65b2e9b1096050ce5dc17eab61c74558a8570d384af33e78dd2d9b025	doc		Heodo
2020-08-25 18:01:11	2585dca9439553fc132aa07924ab669bd0ac2b0efb4dc154f3538472be3d5425	doc		Heodo
2020-08-25 17:44:22	d5f40d452d9a860469d5230c2770b2dd97806bcf9734af4d3f76218dba8e5c8c	doc		Heodo
2020-08-25 17:25:12	a739a31e32ab7fa601d4f3c3b816aaad621608deb572db4c84030ea4f4e8df20	doc		Heodo