URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-08-31 16:24:31	74.208.236.73	74-208-236-73.elastic-ssl.ui-r.com	Not listed	AS8560 IONOS-AS	US	yes
2025-04-28 06:08:35	107.180.21.58	58.21.180.107.host.secureserver.net	Not listed	AS400754 GO-DADDY-COM-LLC	US	no
2020-10-21 15:50:15	64.13.192.72	acmkokecao.gs01.gridserver.com	Not listed	AS26496 AS-26496-GO-DADDY-COM-LLC	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-21 15:50:15	http://sofiariggen.com/js/lm/6rVkATBaXx/	Offline	doc emotet epoch1 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-10-21 19:43:14	8537810517cd5dd09f54c8b9b8ae8800be7178a6bd57e6b35effba2f254dc891	doc		Heodo
2020-10-21 19:12:18	4495e02eb9c67c54be349e4212281f1c652234240082f96a9071ced88e8c6f9c	doc		Heodo
2020-10-21 18:41:27	fadd46cf2d24d37774a0476e63f3deab1b22a0be761fcf7e250a25dbbec858d7	doc		Heodo
2020-10-21 17:52:41	7d812b3579d4c3f9b7d05487763dd9253ce70bebca34b9d46735f76435e3fdd0	doc		Heodo
2020-10-21 17:37:03	00ed59c9df48338ff3a5a699c8e8f21b57b36396088820dd0e3b51382a6e3016	doc		Heodo
2020-10-21 17:03:24	f6cca707c3dba7f0fb0a216c7910dd5b8da4d5601fc47156afc04c9e516d8284	doc		Heodo
2020-10-21 16:29:45	1c9f16cb8efe6d27052e6e20471366e7516176926ff0f7c04038156016be4b0d	doc		Heodo
2020-10-21 15:50:15	9108ca23d908dda4dec8fb03dc119e054b45ac8bef157933a4034f5992ca7ce7	doc		Heodo