URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-10 22:13:05	104.21.24.183		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-11-10 22:13:05	172.67.219.227		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-05-01 15:26:00	177.153.58.234	mukah.vps-kinghost.net	Not listed	AS27715 Locaweb_Servios_de_Internet_S/A	BR	no
2020-09-21 22:50:08	165.227.182.120		Not listed	AS14061 DIGITALOCEAN-ASN	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-09-21 22:50:08	https://mukah.com.br/anjosdaguarda/wp-includes/...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-09-22 01:23:26	23184d215b3db4bb670b2c1e70e1b7f81760cdec7e35b8a0a90cebc4a6797ecc	doc		Heodo
2020-09-22 00:48:33	ed6598e7e6d37524439397ed78a735fe41117f47c0964cba780b5800d4eb5146	doc		Heodo
2020-09-22 00:37:59	0489a6b94e2c6206bd2730cc32c8f873d1ac1af2ad02bdb69a77a8078460741c	doc		Heodo
2020-09-22 00:14:23	66a72b85f41d624425d7d908104bfec8a8c0c8412c8a23337b71844f909a0175	doc		Heodo
2020-09-21 23:35:07	a09dd0e095d93b68eb0713e31e92eb9caee82983e99ddccdb71177216cc52f30	doc		Heodo
2020-09-21 23:13:03	0b406d237fa37888f1acd0ffc4b59577ffd5e45b792a835c2141483e2206ce9c	doc		Heodo
2020-09-21 22:50:07	86a8ee1c5f1f5ce84a8f3b31c04f51e324a47d2de0936339357ee0e9a139e0c6	doc		Heodo