URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: 146.56.118.137
Firstseen:2024-09-10 18:45:05 UTC
Total malware sites :20
Online malware sites :0 (0%)
Offline Malware sites :20 (100%)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2024-09-10 18:45:12 146.56.118.137Not listedAS31898 ORACLE-BMC-31898- KRyes

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2025-01-28 16:34:08http://146.56.118.137/7zr.exeOfflineopendir Riordz
2025-01-28 16:34:07http://146.56.118.137/z.zipOfflineopendir Riordz
2025-01-28 16:34:06http://146.56.118.137/tpm2emu.exeOfflineopendir Riordz
2024-11-06 07:25:15http://146.56.118.137/c1.exeOfflineCobalt strike ext opendir abus3reports
2024-11-06 07:25:14http://146.56.118.137/c2.exeOfflineCobalt strike ext opendir abus3reports
2024-11-06 07:25:13http://146.56.118.137/sam.exeOfflineopendir abus3reports
2024-11-06 07:25:12http://146.56.118.137/msf.exeOfflineCobalt strike ext Metasploit opendir abus3reports
2024-11-06 07:25:12http://146.56.118.137/c3.exeOfflineCobaltStrike ext opendir abus3reports
2024-11-06 07:25:11http://146.56.118.137/calc.binOfflineopendir abus3reports
2024-11-06 07:25:11http://146.56.118.137/st.exeOfflineopendir abus3reports
2024-11-06 07:25:11http://146.56.118.137/s.exeOfflineopendir abus3reports
2024-11-06 07:25:11http://146.56.118.137/c.binOfflineopendir abus3reports
2024-11-06 07:25:06http://146.56.118.137/msf.cOfflineopendir abus3reports
2024-11-06 07:25:06http://146.56.118.137/py.txtOfflineopendir abus3reports
2024-11-06 07:25:06http://146.56.118.137/shell.wdsOfflineopendir abus3reports
2024-11-06 07:25:06http://146.56.118.137/nohup.outOfflineopendir abus3reports
2024-10-17 15:22:05http://146.56.118.137/m8.binOfflineexploit marte abus3reports
2024-10-16 17:38:14http://146.56.118.137/cdb.exeOfflineexe abus3reports
2024-10-16 17:38:12http://146.56.118.137/m8.exeOfflineexe meterpreter abus3reports
2024-09-10 18:45:12http://146.56.118.137/32.exe.txtOfflineMetasploit meterpreter Riordzz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2025-01-28 16:34:0872c98287b2e8f85ea7bb87834b6ce1ce7ce7f41a8c97a81b307d4d4bf900922bexe  
2025-01-28 16:34:075abf47f3cb15eb8f8322f2ee108cd6e949ebd8512c9d26adcbc7f9c6891e8eca7z  
2025-01-28 16:34:06d033e60cb36e2d0f46b89886d0e6bb55964c8e5a6d11f5d860da530c00f71fa6exe 
2024-11-06 07:25:151490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63exeCobalt Strike
2024-11-06 07:25:14eb99203676d28f1339f2b606162d1cf7c9a1ab43b6025eeb45012493d2e76327exeCobalt Strike
2024-11-06 07:25:13b9ef9df1d52d9cc69f95c7b8ea9ba339d3e81bba7f8e3a9b542c7b1287630bf6exe  
2024-11-06 07:25:126090b7a906bf8c39d5b0fac9c383305388d478615585d5fd03e9c709834706eaexeCobaltStrike
2024-11-06 07:25:12e1579bd0d471cdfbcadbb1b27454da080a6a5e13021033208b7592ccea607320exeMetasploit
2024-11-06 07:25:11a3c7de8df765b6eeba0b7e4e32192d120911a065c26e5034a0a98a454478e7c8exe 
2024-11-06 07:25:1170488c62e7f56badbde76fb5a5d69fa6d7c1d4243f4a256106a7de2e5b4253caunknown  
2024-11-06 07:25:1154789a9f7db7e8d3688be22d062dc7508ea7dc180320b2b7d05dc11d0c49862aexe 
2024-11-06 07:25:101f23e8e87de4400735db4cb06207c448c79132103e343fc92e2c1589e63e6e80unknown  
2024-10-17 15:22:0588064dda40ccb17d2165dfdec2088f8e2e592746a9279daf58f7170c5c64691dunknown  
2024-10-16 17:38:14cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9exe 
2024-10-16 17:38:1052f78705595a735b445c5853e2aebe03cc87a0e50a983605cb01e1532e7a3affexeMeterpreter
2024-09-10 18:45:088e5e4282481737796b9c14486cb4626caeaa9508dec94f134662e36c9a15fd12exe Meterpreter