URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entries.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-06-29 15:30:21 | 188.114.96.3 | | Not listed | AS13335 CLOUDFLARENET | n/a | yes |
| 2025-06-29 15:30:21 | 188.114.97.3 | | Not listed | AS13335 CLOUDFLARENET | n/a | yes |
| 2025-07-02 15:19:19 | 104.21.92.12 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2025-07-02 15:19:19 | 172.67.184.126 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2025-06-01 12:13:00 | 172.65.190.172 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2020-01-24 07:03:37 | 162.159.208.60 | | Not listed | AS13335 CLOUDFLARENET | n/a | no |
| 2020-03-02 01:42:27 | 58.211.137.132 | | Not listed | AS140292 CHINATELECOM-JIANGSU-SUZHOU-5G-NETWORK | CN | no |
| 2025-11-05 05:42:16 | 188.114.96.12 | | SBL687667 | AS13335 CLOUDFLARENET | n/a | no |
| 2025-11-05 05:42:16 | 188.114.97.12 | | SBL687666 | AS13335 CLOUDFLARENET | n/a | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-02-06 00:23:11 | http://jy.gzsdzh.com/wp-admin/docs/jpr558494929... | Offline | doc emotet | |
| 2020-02-03 18:17:45 | http://jy.gzsdzh.com/wp-admin/INC/c4rh096174864... | Offline | doc emotet | |
| 2020-02-01 00:20:09 | http://jy.gzsdzh.com/wp-admin/protected-zone/co... | Offline | doc emotet | |
| 2020-01-29 22:10:08 | http://jy.gzsdzh.com/wp-admin/multifunctional-b... | Offline | doc emotet | |
| 2020-01-27 21:37:15 | http://jy.gzsdzh.com/wp-admin/personal_gw90r9j0... | Offline | doc emotet | |
| 2020-01-24 07:03:37 | http://jy.gzsdzh.com/wp-admin/QZJwOCbazv/ | Offline | emotet | |
The table below shows recent payloads delivered by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-02-03 18:17:44 | 5260a8b5127d106616c35b3b54c005e4e21a3463cfd6a9068a9fc128cc28c527 | docx | | |
| 2020-02-01 04:32:51 | dda76af8d395dccbe545d1229617376570b747b0bacfe5582b646f42937eb732 | doc | | Heodo |
| 2020-02-01 03:21:47 | b67d9a95a6a08ba02556971147227edd021913ba8358b4f59c86227d4b57f502 | doc | | Heodo |
| 2020-02-01 02:02:15 | 7701f0948a3c21d43e92b7e6e67ad7e942fef4c953e101b7061cc07f4be0833e | doc | | Heodo |
| 2020-02-01 00:59:29 | 27689a930fd81d023602e707ea9431d24fd92189df1a2acf8f8cf481f60180ea | doc | | Heodo |
| 2020-02-01 00:20:08 | 41bc73aef76c69b9bbb330c48bf380e55405bb67cfb7d9be5c6cbb188ac41d32 | doc | | Heodo |
| 2020-01-29 22:10:07 | 315cf86a77ccf32952f4878001e53336340ba0103585421695ee79ae25153bea | doc | | Heodo |
| 2020-01-27 22:07:59 | 105d24ebb512c02c992f5b330459830f12ece2b54011cd65914e673f0617c8c7 | doc | | Heodo |
| 2020-01-27 21:37:14 | 0d4e97e95ead8d6bc4b9094a0a71cc5192cde229ce8d1fcb9b45894efd727b4d | doc | | |
| 2020-01-24 07:03:36 | f71211baf688c6ef592c9046416b4b651ce410af68c8c40861f6cb09c4bb386c | exe | | Heodo |