URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-05-14 19:42:55	115.187.18.85		Not listed	AS133070 EHL-AS-AP	BD	yes
2021-01-15 13:53:38	104.21.91.24		Not listed	AS13335 CLOUDFLARENET	n/a	no
2020-10-29 11:37:06	172.67.208.217		Not listed	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-29 16:25:10	http://kichai.xyz/wp-admin/3eJkZcUr/	Offline	doc emotet epoch2	Cryptolaemus1
2020-10-29 11:37:06	https://kichai.xyz/wp-admin/3eJkZcUr/	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-10-29 14:28:42	cd3fe863b543b7cff0caa09fe57459ed428b05158a34dd748438f0f7a671fabb	doc		Heodo
2020-10-29 14:00:40	9fe969fee626debd81e116bda0f8fba99a6adf05e1a8265e3e9d93df703da84b	doc		Heodo
2020-10-29 13:41:01	0cec6f211eea415989b964dbdbbf4da0f4d0dfc4b70990a7d27491cf154615e8	doc		Heodo
2020-10-29 13:19:42	3a2e90fab180e4802d87707829a02157b25a93f71da8a2a62796b59483d315c7	doc		Heodo
2020-10-29 12:47:47	ac100d3e7a4985580d980cb7dc26527d01d4166b7bc89405dd21918ae03f7fae	doc		Heodo
2020-10-29 12:05:31	fa68a64196793116b8b029723e9a7fd7d6a7e5c8bbcc752be10b93c5575ebb03	doc		Heodo
2020-10-29 11:49:02	c56962ccf0f482b04c168639afb894430e7cb71c873faac02d8f3a34107f33a8	doc		Heodo
2020-10-29 11:37:05	ae454b06f63308de7e1a613281feea2eef089041c67af45e72ceec804482b526	doc		Heodo