URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-09 17:37:11	92.113.23.170		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-09-21 22:28:38	92.113.23.129		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-08-21 03:45:36	92.113.16.16		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-06-26 09:24:49	92.113.23.218		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-08-26 12:07:08	92.113.16.50		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-09-19 11:43:33	92.113.16.186		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-09-16 22:04:00	92.113.23.127		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-08-16 14:26:34	92.113.16.242		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-09-01 23:21:04	92.113.16.20		Not listed	AS47583 AS-HOSTINGER	DE	no
2025-09-24 11:04:51	92.113.16.166		Not listed	AS47583 AS-HOSTINGER	DE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-01-22 21:44:07	https://magnumuae.com/wp-includes/avgL4Fjh05Bfg...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-01-25 23:09:46	e86d93199f2f416bf5dca9a736c5bdbac4ee3989ab0f04baad2c7e0066316e72	doc		Heodo
2021-01-22 22:00:53	377ccf81bc50553f09c559652bad5ec67c73c649cb60ba53cfd01f39a52e5ad2	doc		Heodo
2021-01-22 21:47:58	d369edd4ee295fafd1231bb5d370fff75a48505360a64708bce6418c7f2974a1	doc		Heodo
2021-01-22 21:44:07	5baed32dcd265a53a8f5f4182bfa79336ffa1acc17f1ab71e8387529a82b10cd	doc		Heodo