URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-11-04 19:49:51	117.122.125.107	speakers.vnnic.vn	Not listed	AS24066 VNNIC-AS-VN	VN	yes
2022-04-03 19:28:12	139.162.55.23	139-162-55-23.ip.linodeusercontent.com	Not listed	AS63949 AKAMAI-LINODE-AP	SG	no
2022-03-12 03:29:30	172.105.118.10	172-105-118-10.ip.linodeusercontent.com	Not listed	AS63949 AKAMAI-LINODE-AP	SG	no
2021-10-28 15:11:10	172.104.48.236	172-104-48-236.ip.linodeusercontent.com	Not listed	AS63949 AKAMAI-LINODE-AP	SG	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-01-12 03:55:11	http://tbtech.vn/b/HM107/	Offline	emotet epoch4 redir-doc	Cryptolaemus1
2022-01-12 03:55:11	http://tbtech.vn/b/HM107/?i=1	Offline	doc emotet epoch4 heodo SilentBuilder	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-01-12 04:59:34	aa65a34067b0c50e89c1078d0c7ff08de43e5036241404574f846265de6ff6bd	xls		Heodo
2022-01-12 04:31:40	ab506a8e25b64558a0069af7f78035c4ae3848d8873a5ddd3542d01d2e195565	xls		Heodo
2022-01-12 04:12:52	d57efe94adedaeac797cbb79d71e10325536f42c27c9cf5154fddaeb7bc797be	xls		Heodo
2022-01-12 03:55:11	69d914c90cf0989ec8e8768147233a564f1169a25671b09bc9a82881e1d74511	html
2022-01-12 03:55:11	441669b9a3767d3fe26e857bc4cf46626a3cd23843a551f7e0182b2cf5cf2a4f	xls		SilentBuilder