URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-02-09 03:16:28	128.199.50.241		Not listed	AS14061 DIGITALOCEAN-ASN	NL	yes
2020-11-14 08:26:50	167.172.35.119		Not listed	AS14061 DIGITALOCEAN-ASN	NL	no
2020-10-16 18:04:04	85.95.237.132	unix8a.ixirhost.com	Not listed	AS206991 IXIR	TR	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-10-16 18:04:04	http://www.entegrasyonyazilim.com/yaznet/Docume...	Offline	doc emotet epoch2 heodo	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-10-16 20:55:54	1c3dd09ac057aa6b432e637992b2d3f2dac3ec4212fbd51771b0bfd7be470110	doc		Heodo
2020-10-16 20:39:29	0592df728f9353ff5f892eba34b3e4a89511bebcf05071738614f9c16c4c640a	doc		Heodo
2020-10-16 20:10:56	9051dea430fb5eea96e34f2c938f3eaa2e672eeb73fa5d8ee44680ec0b906f26	doc		Heodo
2020-10-16 19:41:37	ba25bd51dddd6e6b5f359d2e79ac6cafab5ec98ac623f412764253be9e449833	doc		Heodo
2020-10-16 19:26:25	ebb3b2f3e028448f7177bbd45d2de8b72115e600efa71bc4f649ef66cb30e2be	doc		Heodo
2020-10-16 19:04:05	70a35d75979116a3deb5a05fd800b019ce1a1e3cfa73a22c3e547f5fdfc702d6	doc		Heodo
2020-10-16 18:37:56	b790075cf1b5ae9592d7b61d5513b6b4ae15e0df4e08226b9152f878e0ef49b3	doc		Heodo
2020-10-16 18:04:04	77cdfff917a2408f0ee9abbc0f607fe7cb8967b25ea422571c36ad69debc73e2	doc		Heodo