URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-09-04 05:20:40 | 5.44.244.230 | hosting-10.wepardi.fi | Not listed | AS201692 ZONER-AS |  FI | yes |
| 2023-04-26 17:47:52 | 94.237.107.66 | hosting-10.wepardi.fi | Not listed | AS202053 UPCLOUD | FI | no |
| 2022-01-20 06:51:05 | 192.130.146.152 | Not listed | AS1759 TSF-IP-Core | FI | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2022-01-20 06:51:05 | http://sinuntahtesi.com/assets/6537875-8001/?i=1 | Offline | doc emotet  epoch5 heodo |  Cryptolaemus1 |
| 2022-01-20 06:51:05 | http://sinuntahtesi.com/assets/6537875-8001/ | Offline | emotet epoch5 redir-doc xls | Cryptolaemus1 |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2022-01-20 07:59:38 | e4b4b4aeffb795fbbac1cd7bf7465c6fd98c0906401fdb3a90ecca0ce903b3c4 | xlsm | Heodo | |
| 2022-01-20 07:29:26 | a75d803a646fa5cfa41b0489c6de355e62319450b46d41792b4b5b3cd21a0dc3 | xlsm | Heodo | |
| 2022-01-20 07:11:34 | 19d1c6a37f4b01531b66ec4b77e6479907d637b4bd18431ace83635eb4d07afa | xlsm | Heodo | |
| 2022-01-20 06:51:05 | fb18f3109867f5c66552ed2cb8f624bd0d7b882b0c68ede96f53782bde872794 | xlsm | Heodo | |
| 2022-01-20 06:51:04 | cafd8ab2f8d419a5a24272d3f18590e58dfcdbf3dc6790a270cf2141e6f8ab13 | html |