URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-10 19:26:05	188.114.96.3		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-11-10 19:26:05	188.114.97.3		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-28 04:23:14	141.193.213.10		Not listed	AS209242 CLOUDFLARESPECTRUM	US	no
2025-04-28 04:23:14	141.193.213.11		Not listed	AS209242 CLOUDFLARESPECTRUM	US	no
2020-10-21 11:01:41	172.67.204.26		Not listed	AS13335 CLOUDFLARENET	n/a	no
2021-01-15 06:42:32	104.21.52.213		Not listed	AS13335 CLOUDFLARENET	n/a	no
2020-10-19 20:38:04	5.189.178.31	vmi398597.contaboserver.net	Not listed	AS51167 CONTABO	FR	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-19 20:38:04	https://itegroup.al/cgi-bin/eTrac/kkg5vzhjyk9ec/	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-10-19 22:05:36	7af133206232af82a36e45dcbc7e64a3ea9ca17299266f647e0b130f0c100104	doc		Heodo
2020-10-19 21:55:15	274cfd5e9c3e428d1183c7011e1737a41572574138afaaf467de745f7e87e372	doc		Heodo
2020-10-19 21:13:33	24aa0b76e29bbdca3ce724f547c7cd8ecffbd973e9c800a142a172abea94a44c	doc		Heodo
2020-10-19 20:53:31	02fb14b853a57f7e925b5f9908b367c89029942cfcf48b2c66ff6ce176b2b4c6	doc		Heodo
2020-10-19 20:38:03	3609b53854e45524f9a41351bc0ebed9dce553e0eb558fc06fab72cee6b97de4	doc		Heodo