URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2020-02-03 12:05:49	91.234.33.3	thehost.ua	Not listed	AS56485 THEHOST-AS	UA	no
2020-01-28 06:45:07	91.234.32.170	s5.thehost.com.ua	Not listed	AS56485 THEHOST-AS	UA	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-01-28 06:45:07	http://test-page.freedomain.thehost.com.ua/wp-c...	Offline	doc emotet epoch2 heodo	spamhaus

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-01-29 17:40:48	135e6e64bd7742b372ada6b825319eb55fa6081a563f2bb5b8c41b146badb7e9	doc		Heodo
2020-01-29 14:59:57	297fd91043a8029b8962d475697106ba99591e11fd9a12213f50dc4df365404b	doc
2020-01-29 13:28:29	caeb63c281928fabb08a3fd9e2dc5ce013153975c7c123520486b8659e018454	doc
2020-01-29 11:58:24	c39aa63290c4b66475a91f31655d381cb05d871f118ec9c5128f64d19dadd59f	doc		Heodo
2020-01-29 07:23:24	467e2a0184aeb5583dfcaff28844919d93845accbdcb0653479291fa4254ae99	doc		Heodo
2020-01-28 10:40:16	bb1ba015ebe3d9ec7bba784e8c90faa20f9347ee104985cf5ad466c7b6839cbe	doc		Heodo
2020-01-28 07:59:14	16f1beee6ccaca78348db5391555130ae143617366ccf7c1e9a6351c50e9cf6c	doc		Heodo
2020-01-28 06:49:23	7f1d1727e4dcedd806a776ecae2c08e5505978dfb4bacf2063fda4124409371e	doc
2020-01-28 06:45:07	3edc9bba3f5242ce9b40b5416426d15ac6d200b37b6a0681bb9da24b8ebff42d	doc		Heodo