URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-01-04 21:38:59	91.194.77.112	web8.garmtech.net	Not listed	AS43108 GARM-AS	GB	no
2020-12-09 04:51:25	67.222.110.130	pistons.unisonplatform.com	Not listed	AS33494 IHNET	US	no
2020-10-21 13:37:03	185.46.120.226	dolphins.unisonplatform.com	Not listed	AS62134 IHNET-EU	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-21 13:37:03	http://leina.lv/leina/rbljxH8o99rxRF/	Offline	doc emotet epoch1 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-10-22 05:03:52	8b05297c048f55387edd8b05e69d2a1240c7906afaebaf370edb5b8124f57043	doc		Heodo
2020-10-22 04:16:04	e8cdc278eaa95810ad409fa3670e5cf1dafae7c1532c014bf7e62d4b860a6559	doc		Heodo
2020-10-21 23:23:43	d65ac49f3e3c26aa5a64eb44cd03e3d4e66f10dfc24adb8dba89260852589e14	doc		Heodo
2020-10-21 22:34:10	b7e9cf82054a08fa01d9412cb90a56de33c1d1f0faf71f5ac572dc691b47fe81	doc		Heodo
2020-10-21 20:06:51	2a134af3605cd8875600e60812b847503f74c33b2991c3fef4b4449ff3421233	doc		Heodo
2020-10-21 17:30:32	e822f01aa9977a8463b4ed7e2031156b901753bef12ad64a559787d074be8e89	doc		Heodo
2020-10-21 14:26:21	2d2ac5cd6f74a5856e83c7e4c12acc89c52216c00e83f8d84d58aee357824881	doc		Heodo
2020-10-21 13:37:03	db7fd02e58a7010694a4fd1296ad552e427f156efb262f3eb73b1a1142004947	doc		Heodo