URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	th-web.winchat8.com
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2020-10-17 00:13:03 UTC
Total malware sites :	1
A record(s) observed :	6

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	SBL	ASN	Country	Active?
2025-04-27 21:15:16	188.114.96.3	Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-27 21:15:16	188.114.97.3	Not listed	AS13335 CLOUDFLARENET	n/a	yes
2021-01-15 00:45:30	104.21.54.37	Not listed	AS13335 CLOUDFLARENET	n/a	no
2020-10-17 00:13:05	172.67.223.31	Not listed	AS13335 CLOUDFLARENET	n/a	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-17 00:13:05	http://th-web.winchat8.com/ahpmsnheo1/0xldl5pmy...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2020-10-17 08:48:13	9fddabb44e0d01bdc8e0886790e1e34059ac1aedbe3faf4cdfa66bf9dec923cb	doc	Heodo
2020-10-17 08:05:30	797ebeb27b3af7fa872d899601baf807800f85a84371fbee97e2232f841c4ae4	doc	Heodo
2020-10-17 07:33:34	8b422df815c80e86241a4670a69918c21bf0fbdde61aaa753f84e0af70d9f4a4	doc	Heodo
2020-10-17 06:36:25	82886986ef5507c85b6e17a8904a70bb3b67212863f5f835fa7bc3392d070f80	doc	Heodo
2020-10-17 06:26:52	58945b2729339cb8db084de7ca7c3197dc009fa50097bcdf716d8b0c3d125a19	doc	Heodo
2020-10-17 06:00:35	3ad213e4b7d2660593144245f06a9ba71b10e326cbf5996b2f632ed5457e77d7	doc	Heodo
2020-10-17 05:44:29	6d5ed047cba0f40a2bd108fdb285520a5590c29ac64b7a9d32a20719905f1e7c	doc	Heodo
2020-10-17 05:25:20	d718b0058aaa9406fd6bfdf6d7f13e8963789c2c0b331e70fd6e8edd6b1f22eb	doc	Heodo
2020-10-17 04:49:19	69e669abaf2af59fb872755c1dbaac25b25cc27d4dd460db7162fe8b3ebdb158	doc	Heodo
2020-10-17 04:13:42	7563b098e425087d70e59bc0ad1d712d39ec6286fc63eaa9a9eea68f9a7ede26	doc	Heodo
2020-10-17 03:55:06	2a73fb122ea506f3c1e9b1ce6acf917b3fd3c38b886848986007c1a0e57a91b9	doc	Heodo
2020-10-17 03:28:04	d1e952f7b8eac274a9eb54c0ce6e8c6542aaa16cbdf7345c10c79852c2d5bd0d	doc	Heodo
2020-10-17 03:00:45	cc0b6720262ce77c846acb19ec1f31511f0f465f1bfd03bd5e8bfb3c6b3e9828	doc	Heodo
2020-10-17 02:34:20	bb96b8f7ca8418e8d16ada7ed78c33abe3bd24d7ca843033cc73e73e4c606fda	doc	Heodo
2020-10-17 01:50:38	cad389f338446345616f9a4f005b47f186be55fdd914d1b88f42bc4f26220685	doc	Heodo
2020-10-17 01:30:10	eb06448eea7b0d73132945671275ea572688e13de195a89974d8315900ff8cb7	doc	Heodo
2020-10-17 01:01:22	5990f98a0aeffb24181deb144a8519e54f7695794e545b9ba0cb52fe28e3f987	doc	Heodo
2020-10-17 00:39:28	72bc6543f22de398e1374caed638e9a1d24ec0b37a5fa9b5ac10ade7559ab839	doc	Heodo
2020-10-17 00:13:04	c40e490d1149a43b982a7c65d5f04d36117a86623374f75bf8d47f31090f8b18	doc	Heodo