URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-01-05 16:56:07	54.234.16.39	ec2-54-234-16-39.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-01-05 16:56:07	http://twtech.com.br/wp-includes/AdoFymYOtKzMCP...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2021-01-05 18:27:59	62e74ce72095ea7b31c0afa3b8730fdbd7efb75dd60899a64f4879bca64d396f	doc		Heodo
2021-01-05 18:16:14	6eeffb79f8c4aa26fe40db3e13ce97d3fc0401bb06b16362301bde1524534f16	doc		Heodo
2021-01-05 18:08:49	4e3a0ad4ce849705cfb0b25ceb1b9447b104129bf30552f0fe1591fac04a39a5	doc		Heodo
2021-01-05 17:51:21	a8713fbee086f687f8bd38ea51497a24ef912675ebdd1738a8d2190f980d6b57	doc		Heodo
2021-01-05 17:41:17	e988587a9306a7454ba6dd4d9d1797f145d62cec0d590d00cc35e756a99e48f8	doc		Heodo
2021-01-05 17:29:09	9fbb1d6a78d460235c15cd965c206905604e198b8e8dbfb02bac8d5c2582cfa6	doc		Heodo
2021-01-05 17:20:46	afac66c125f46ce3c87f0613ef483fd0c8b46478b68498cccd087563fb8b7e43	doc		Heodo
2021-01-05 17:04:00	b7ab6e42f85864cffbabbd1238bb6ec2054478a1b89e8cf59d519bc07f6ac543	doc		Heodo
2021-01-05 16:56:06	a2790bfeafea9f12eea6a40da413d84e2517341f83f83c18ef5dc7f8fb9e4722	doc		Heodo