URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-28 02:47:13	162.241.61.239	162-241-61-239.unifiedlayer.com	Not listed	AS19871 NETWORK-SOLUTIONS-HOSTING	US	yes
2020-02-05 13:39:00	153.122.85.104		Not listed	AS131921 MAINT-JPNIC	JP	no
2020-01-24 21:11:09	153.122.57.175	sub0000541492.hmk-temp.com	Not listed	AS131921 MAINT-JPNIC	JP	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-01-24 21:11:09	https://newskymobile.jp/8uf/107951_kulP8pzOnII4...	Offline	doc emotet epoch1 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-01-25 02:28:38	7a257b44a9fb62afa665bf698344474aa5ad6ab256a2ba1692223bb491dd938e	doc		Heodo
2020-01-25 01:26:24	2c766cefc72ed82b965682d731703859bb9e88bfe41720b32db5fd80a5c1c630	doc		Heodo
2020-01-25 00:25:30	84232ef58a9e4bcd7f0694bb51bf6ddf5969514899f00cee26e1a3d01ed204b2	doc		Heodo
2020-01-24 23:54:54	de72ecd5468e8d098273998dbaaa0402d34eb0966456c717a0c5adc75b3ac2ba	doc		Heodo
2020-01-24 23:24:26	6ac1a717b4ccc5b9f59e24983045117253454d52129cf64406f1e24418afcfd4	doc		Heodo
2020-01-24 21:53:23	c20bb59f9e7d85bf81173ebe6277c9d3961963762d212abcec41f05238d3e2e6	doc		Heodo
2020-01-24 21:11:08	0125ba70c9635bce08e993cac5046795777482d6404c794aaac1cbe270028f3d	doc		Heodo