URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-30 05:45:02	8.218.118.157		Not listed	AS45102 ALIBABA-CN-NET	HK	yes
2020-08-12 11:07:11	129.204.0.152		Not listed	AS45090 TENCENT-NET-AP	CN	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-08-12 11:07:11	http://zanxcx.com/wp-content/qwcrp7w/7py4747216...	Offline	doc emotet epoch2 heodo	spamhaus

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2020-08-12 16:42:54	dd4525e6914fa0fd2f91bde41f2df30ef8857b9f08c19e0a106ec78098ab63c1	doc		Heodo
2020-08-12 16:24:50	1b43dacaa3825888c4583607901a5fad687f60840690fa8dfb7b5ab72e28c27a	doc		Heodo
2020-08-12 15:53:58	c99e3c74dfec6465026a494216c1ac797697cb816f37baa98d571a089dacb73a	doc		Heodo
2020-08-12 14:21:12	4020a8982e70b51b150cd40a837ea5dfceb35f0a6c9f9858b3fae5e00404ae62	doc		Heodo
2020-08-12 14:05:02	1f1a6a0dbefcc80a0303cdd5d9efc76784286fe3003a19b0e1ca9e0da6b7d030	doc		Heodo
2020-08-12 13:44:33	555eec27e492447bbe5bb1313613ba7edda123de03e384227bf9440ec1965da9	doc		Heodo
2020-08-12 13:33:41	d49ceafe59b20372032a83bee0b04f5ea7bc91c92258d386bac309f97206627c	doc		Heodo
2020-08-12 12:13:53	ae3f98c31cbf01b3809feeb57990ae8270686b4e716f2c8971f8408ca1676532	doc		Heodo
2020-08-12 11:07:11	92fe2e08d235d92a0378e842d305b9250f77f306642def6eab93a7bba7e5d542	doc		Heodo