URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: spearllc.com
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
ProtonDNS :Not blocked
OpenBLD :Blocked
DNS4EU :Blocked
Control D HaGeZi :Not blocked
Firstseen:2018-05-18 10:39:03 UTC
Total malware sites :15
Online malware sites :0 (0%)
Offline Malware sites :15 (100%)
A record(s) observed :4

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2025-04-27 10:37:29 15.197.148.33a2aa9ff50de748dbe.awsglobalaccelerator.comNot listedAS16509 AMAZON-02- USyes
2025-04-27 10:37:29 3.33.130.190a2aa9ff50de748dbe.awsglobalaccelerator.comNot listedAS16509 AMAZON-02- USyes
2018-08-17 00:30:36 50.63.197.10p3nw8shg370.shr.prod.phx3.secureserver.netNot listedAS26496 AS-26496-GO-DADDY-COM-LLC- USno
2018-05-18 10:39:17 184.168.27.3333.27.168.184.host.secureserver.netNot listedAS26496 AS-26496-GO-DADDY-COM-LLC- USno

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2018-06-28 05:36:59http://spearllc.com/_dsn/STATUS/Past-Due-invoiceOfflineemotet ext heodo ext p5yb34m
2018-06-28 04:33:13http://spearllc.com/_dsn/STATUS/Past-Due-invoice/Offlineheodo ext JayTHL
2018-06-21 13:03:36http://spearllc.com/_dsn/ACCOUNT/tracking-numbe...Offlineemotet ext heodo ext Malware_News
2018-06-20 18:35:10http://spearllc.com/_dsn/ACCOUNT/tracking-numbe...Offlineheodo ext Malware_News
2018-06-18 16:32:03http://spearllc.com/ssfm/RECH/Ihre-Rechnung-vom...OfflineAgentTesla ext doc emotet ext epoch1 heodo ext Cryptolaemus1
2018-06-15 18:30:33http://spearllc.com/ssfm/ups.com/webtracking/mc...Offlineemotet ext heodo ext JayTHL
2018-06-15 15:42:19http://spearllc.com/_dsn/10-SNBG/New-payment-no...Offlineheodo ext JayTHL
2018-06-14 22:15:04http://spearllc.com/ssfm/IRS-TRANSCRIPTS-052T/1/Offlinedoc emotet ext epoch1 heodo ext Cryptolaemus1
2018-06-14 05:57:53http://spearllc.com/ssfm/ups.com/webtracking/mc...Offlinedoc emotet ext heodo ext DecayPotato
2018-06-12 13:34:07http://spearllc.com/_dsn/h54alb/Offlineemotet ext heodo ext payload Cryptolaemus1
2018-06-08 15:45:03http://spearllc.com/ssfm/ACCOUNT/Invoice-4863045/Offlinedoc emotet ext epoch1 heodo ext Cryptolaemus1
2018-06-05 00:55:44http://spearllc.com/_dsn/ups.com/WebTracking/EN...Offlinedoc emotet ext heodo ext Cryptolaemus1
2018-05-31 09:46:10http://spearllc.com/_dsn/Vos-facture-impayee-31...Offlinedoc emotet ext heodo ext c_APT_ure
2018-05-29 22:50:00http://spearllc.com/_dsn/ups.com/WebTracking/AO...Offlinedoc emotet ext heodo ext Cryptolaemus1
2018-05-18 10:39:17http://spearllc.com/_dsn/Paid-Invoices/Offlinedoc emotet ext heodo ext JAMESWT_MHT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2018-06-15 20:10:33f5e86722c4805df0eba25b8d85607fe0ea03422c9e60b5a4f6285b0027f03582doc Heodo
2018-06-15 18:30:33a8ede5b4e9ad5f52a3c28142fa26a4c2caa2d9bd9e73aead41942d31986e4abedocHeodo
2018-06-15 15:00:3510b4c1ae0adc1a115d3912e20347e928100ed65741b74d9430004405644c8864doc Heodo
2018-06-14 05:57:53a8ede5b4e9ad5f52a3c28142fa26a4c2caa2d9bd9e73aead41942d31986e4abedocHeodo
2018-06-01 01:23:548edd3c1ec2f99deabfece7103676b493df26ee126e57855f7ee3ec50ced56086doc Heodo