URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-01 13:11:26	116.203.2.213	visualcom.logikamentevps.it	Not listed	AS24940 HETZNER-AS	DE	yes
2020-09-30 10:49:49	213.152.204.68	voltron.pensareweb.com	Not listed	AS13182 ASN-ADHOC-NETWORK	IT	no
2020-09-29 22:24:06	213.152.204.17	sayaka.xtsystem.it	Not listed	AS13182 ASN-ADHOC-NETWORK	IT	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-09-29 22:24:06	http://www.degrea.com/wp-admin/payment/z14xz620...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-09-30 06:43:48	0c169d8b50436ffcfc67dc75e5a8534829a932697bf5e79107b4ecc423e227f9	doc		Heodo
2020-09-30 06:15:52	0a2e10583a6c70298eb3c353e0a15ebd98c8a9ae09db8e6cc9cef513e39c95dc	doc		Heodo
2020-09-30 05:57:20	fc6f0ac3e38b970866e30342911b1f72bc2a028a33a093badc8c5694321d5808	doc		Heodo
2020-09-30 05:29:34	24e3ba16d86892e3c786b97123151b7a2294602a61bafd3c546475d0597a2a37	doc		Heodo
2020-09-29 23:37:02	ad21f91ac048eeb669e0a9cc8199225d755cf89a9f5d79d7fb39ef2659f04a9b	doc		Heodo
2020-09-29 23:15:15	f3156f2dd9bbd4c0f1164e92165433c3f689d7777297b5149c47299dfbb1d840	doc		Heodo
2020-09-29 22:44:10	d59faf29c8fe5f632a3b7d91802b08434241b502d47b2bcdf2276dc68e4e7d48	doc		Heodo
2020-09-29 22:24:06	a7bac9b6662da2eb4c3fa6f12c10d790ab6b8ef1735241fcd2a4d35a152a8965	doc		Heodo