URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-09-26 12:35:07	103.38.236.46		Not listed	AS149148 PHUHAIPC-VN	VN	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-09-26 12:35:10	http://103.38.236.46/ntpvip.exe	Offline	AsyncRAT	JAMESWT_MHT
2023-09-26 12:35:09	http://103.38.236.46/ntp.zip	Offline		JAMESWT_MHT
2023-09-26 12:35:07	http://103.38.236.46/3ntp.docx.zip	Offline	StormKitty	JAMESWT_MHT
2023-09-26 12:35:07	http://103.38.236.46/ntp.txt	Offline		JAMESWT_MHT
2023-09-26 12:35:07	http://103.38.236.46/Payload.zip	Offline		JAMESWT_MHT
2023-09-26 12:35:07	http://103.38.236.46/archive/usertp.exe	Offline	AsyncRAT	JAMESWT_MHT
2023-09-26 12:35:07	http://103.38.236.46/tienphouk.pdf.zip	Offline		JAMESWT_MHT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-09-26 12:35:10	3261879a2aa9272d761dd5888c89646259d99d4008b28715b363c654230a3df3	exe		AsyncRAT
2023-09-26 12:35:08	ff995449039b12666054de503dc9fe5802b4a6e688277eeb06e8d36624dfd7a2	zip
2023-09-26 12:35:07	1847cad333bbf5e2fdadafe6866637240eb05691993eac01462e6adfa071ecd0	zip		StormKitty
2023-09-26 12:35:07	a8d18fac09af0d5bf4c988ee2189dd4829768f108c960992b6c612c2aa1990bd	zip
2023-09-26 12:35:07	68c2a97252cfef191ad5dd8fd7facd69019f2592eadc8b86cfbae04daf92c56e	exe		AsyncRAT
2023-09-26 12:35:07	e54c2e47c2410718663472035c0df5a8b722c11199c62a03ee959d6b83a5fdba	zip