URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	1.94.97.137
Firstseen:	2023-11-26 14:57:03 UTC
Total malware sites :	18
Online malware sites :	0 (0%)
Offline Malware sites :	18 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-11-26 14:57:07	1.94.97.137	ecs-1-94-97-137.compute.hwclouds-dns.com	Not listed	AS55990 HWCSNET	CN	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-01-13 06:06:54	http://1.94.97.137:8000/cobalt_strike_4.7_www.d...	Offline	CobaltStrike jar	adm1n_usa32
2024-01-13 05:59:30	http://1.94.97.137:8000/PSTools/psfile.exe	Offline		adm1n_usa32
2024-01-13 05:58:14	http://1.94.97.137:8000/cobalt_strike_4.7_www.d...	Offline	CobaltStrike jar	adm1n_usa32
2024-01-13 05:54:43	http://1.94.97.137:8000/PSTools/pssuspend.exe	Offline		adm1n_usa32
2024-01-13 05:54:34	http://1.94.97.137:8000/PSTools/psping.exe	Offline		adm1n_usa32
2024-01-13 05:54:31	http://1.94.97.137:8000/PSTools/pslist.exe	Offline		adm1n_usa32
2024-01-13 05:54:24	http://1.94.97.137:8000/PSTools/psloglist.exe	Offline		adm1n_usa32
2024-01-13 05:54:12	http://1.94.97.137:8000/PSTools/pskill.exe	Offline		adm1n_usa32
2024-01-13 05:53:50	http://1.94.97.137:8000/PSTools/PsExec.exe	Offline	exe	adm1n_usa32
2024-01-13 05:53:48	http://1.94.97.137:8000/PSTools/psshutdown.exe	Offline		adm1n_usa32
2024-01-13 05:53:39	http://1.94.97.137:8000/PSTools/pspasswd.exe	Offline		adm1n_usa32
2024-01-13 05:53:35	http://1.94.97.137:8000/PSTools/PsInfo.exe	Offline		adm1n_usa32
2024-01-13 05:53:12	http://1.94.97.137:8000/PSTools/PsService.exe	Offline		adm1n_usa32
2024-01-13 05:53:09	http://1.94.97.137:8000/PSTools/PsGetsid.exe	Offline		adm1n_usa32
2024-01-13 05:53:09	http://1.94.97.137:8000/PSTools/PsLoggedon.exe	Offline		adm1n_usa32
2023-11-26 14:58:23	http://1.94.97.137:8000/PsExec.exe	Offline		abus3reports
2023-11-26 14:58:12	http://1.94.97.137:8000/64_6666.exe	Offline	meterpreter	abus3reports
2023-11-26 14:57:07	http://1.94.97.137:8000/axx.exe	Offline	CobaltStrike	abus3reports

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2024-01-25 07:11:45	0c902ce2df6616f859337d5262bad20feda402aa2fff6d650c308ceea7c0f765	zip
2024-01-25 07:11:44	e6ba4e961e5d0e08fac98676bf42ebe0823d5b83efaa977247d7f4db107a5bb5	exe
2024-01-25 07:11:43	796e27d2c1740fe728d3daf7c63e1689278e0dfabcfbea8b2cc99516e5cbb195	exe
2024-01-25 07:11:39	513f84e1174150fb623d21d3489233eba6665e9f074e1a85033ffa23a0cb3913	zip
2024-01-25 03:23:38	765adb5b853a950fc70c2596a4c2bd89a07eb715882a86906201e83b6fbe05bb	zip
2024-01-24 12:12:43	c6242d44adb8e2d05857bfc6fbcf7991d11cc64528e67a43a7146841b7b609cd	exe
2024-01-24 11:26:15	38225c944054a0c174e1cbba405fa2fb607ff7a78ca3095e54d5ce8fa522c5c5	exe
2024-01-24 06:19:34	a55dc36e03b16c79b9037f89ddac4318bf9b2fc113f5b1fb3fa72f3e6f572044	zip
2024-01-23 14:29:12	1bdd5e709ff102341e43a928b3d57796bc0fc9c395b9dc7540911b664ea8d7ba	zip
2024-01-23 10:05:47	4ea3dd52523ec8de26268f3381f4bdf3c433486e4e8de103c4b42b9c753ee773	zip
2024-01-23 10:01:26	ab65a18783b00c3b2627c45365706197a4ad25a70a65739665350f0bb3f7932f	zip
2024-01-21 01:00:33	d152c72cb4a157e4c47c21614faba9f97c95a07168a408d22a7bf7c968598467	zip
2024-01-20 22:01:27	849df22891b3cf3d2ec4b4aa3efd8a955b764e2e87da3999ba58fad90dfc3b8d	exe
2024-01-20 17:03:37	55f1de888ab45b3169b1000c1673e3c61b25c0c08e343b7b302b067efc08e098	exe
2024-01-14 04:11:23	d01571dfc95d39ebc3befdf691d2ce2183c84b82fc7d46904efe63c41222fc0f	zip	CobaltStrike
2024-01-13 08:35:52	7794fe069e5166fc40b877f6fbe5b675d6ded7290fc4961058cfffa01b8e0008	zip
2024-01-13 07:08:06	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:59:30	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:54:43	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:54:34	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:54:31	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:54:24	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:54:12	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:53:50	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:53:48	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:53:35	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:53:12	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:53:09	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2024-01-13 05:53:09	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2023-11-26 14:58:23	7bf634e0d7a0b311e08ad0d0d453628f4fd559bcdd4bf9f05744571bc0e0f885	exe
2023-11-26 14:58:10	91429407c3dcd1947735028b7b8632187edd45bbd0e19b7ae64a9a86574c3186	exe	Meterpreter
2023-11-26 14:57:06	a38d5972dfa2fda1c5416ac91034c36462586575097d8b46775b2e689e5d9496	exe	CobaltStrike