URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	176.122.27.90
Firstseen:	2024-12-13 08:48:04 UTC
Total malware sites :	21
Online malware sites :	11 (52%)
Offline Malware sites :	10 (48%)
Newest active malware site :	2025-11-08 12:07:07 UTC
Oldest active malware site :	2025-11-08 12:06:06 UTC (Age: 15 days, 23 hours, 29 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-12-13 08:48:07	176.122.27.90		Not listed	AS48096 ITGRAD	RU	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-11-08 12:07:07	http://176.122.27.90/http.server/tmp4.elf	Online	GetShell opendir	BlinkzSec
2025-11-08 12:06:13	http://176.122.27.90/http.server/elf.exe	Online	meterpreter opendir	BlinkzSec
2025-11-08 12:06:13	http://176.122.27.90/http.server/temp.elf	Online	ConnectBack opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/tmp5.elf	Online	Metasploit opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/123.bin	Online	meterpreter opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/tmp.exe	Online	meterpreter opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/sup.exe	Online	meterpreter opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/reverse.elf	Online	ConnectBack opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/tmp1.elf	Online	Metasploit opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/sys.exe	Online	meterpreter opendir	BlinkzSec
2025-11-08 12:06:06	http://176.122.27.90/http.server/tmp.elf	Online	ConnectBack opendir	BlinkzSec
2024-12-17 07:01:23	http://176.122.27.90:9999/sup.exe	Offline	meterpreter	abus3reports
2024-12-17 07:01:18	http://176.122.27.90:9999/sys.exe	Offline	meterpreter	abus3reports
2024-12-17 07:01:13	http://176.122.27.90:9999/elf.exe	Offline	meterpreter	abus3reports
2024-12-13 08:50:07	http://176.122.27.90:9999/tmp.elf	Offline	ConnectBack elf malware Metasploit opendir	Joker
2024-12-13 08:49:06	http://176.122.27.90:9999/temp.elf	Offline	ConnectBack elf malware Metasploit opendir	Joker
2024-12-13 08:48:07	http://176.122.27.90:9999/tmp5.elf	Offline	elf malware Metasploit opendir	Joker
2024-12-13 08:48:07	http://176.122.27.90:9999/tmp.exe	Offline	elf malware Metasploit meterpreter opendir	Joker
2024-12-13 08:48:07	http://176.122.27.90:9999/tmp4.elf	Offline	elf GetShell malware Metasploit opendir	Joker
2024-12-13 08:48:07	http://176.122.27.90:9999/tmp1.elf	Offline	elf malware Metasploit opendir	Joker
2024-12-13 08:48:07	http://176.122.27.90:9999/reverse.elf	Offline	ConnectBack elf malware Metasploit opendir	Joker

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-11-08 12:07:07	ac3f9676d7ad6c8964dfdd08d02c03e35ee8bcbec85e69704d893e5ce9c201e6	elf	GetShell
2025-11-08 12:06:13	053542ef7ed95b8bb4cc040e732cf4fad01e24c3a60b3b1c3b1c794b6bcf8d55	exe	Meterpreter
2025-11-08 12:06:12	13071bfbab50392760533f3f0b0f137808ef67852ce92ef6eddb9155266ec066	elf	ConnectBack
2025-11-08 12:06:06	448e0fc4cf6c14b29d710aff969b8b503f1e37d48e54d11cb7d3e97998c027fb	elf	Metasploit
2025-11-08 12:06:06	2aedff96fbbdf9b8ff5c973a011de14b98f49b8e2f4e38a2676fdc0f49274910	dll	Meterpreter
2025-11-08 12:06:06	d459bd8e6ababe027af56fc683181351be1d4ad230da087e742aaef5c0979811	exe	Meterpreter
2025-11-08 12:06:06	d46988f81eb72e8587a297dfb345ea39eba96a9ba248041424fd8e2191a49cf7	exe	Meterpreter
2025-11-08 12:06:06	5b1f63d14a2fcfa377f101f9db31a5ba6e415795a2f1c2869946430155b6f626	elf	ConnectBack
2025-11-08 12:06:06	e134c4df61f494f43fe6fece16a1b8b33e69f022dab25df995c0e09468785edc	elf	Metasploit
2025-11-08 12:06:06	8d8f1b404e0e59a6ca4bf5f19120d8d89dd8a412d7516d900f53a004a6f02fee	exe	Meterpreter
2025-11-08 12:06:06	6fd4de5b20bb60bbc9d1cdc1619c2647652c08f454c96f927283af796cf1cf3e	elf	ConnectBack
2024-12-17 07:01:22	d46988f81eb72e8587a297dfb345ea39eba96a9ba248041424fd8e2191a49cf7	exe	Meterpreter
2024-12-17 07:01:17	8d8f1b404e0e59a6ca4bf5f19120d8d89dd8a412d7516d900f53a004a6f02fee	exe	Meterpreter
2024-12-17 07:01:13	053542ef7ed95b8bb4cc040e732cf4fad01e24c3a60b3b1c3b1c794b6bcf8d55	exe	Meterpreter
2024-12-13 08:50:07	6fd4de5b20bb60bbc9d1cdc1619c2647652c08f454c96f927283af796cf1cf3e	elf	ConnectBack
2024-12-13 08:49:06	13071bfbab50392760533f3f0b0f137808ef67852ce92ef6eddb9155266ec066	elf	ConnectBack
2024-12-13 08:48:06	448e0fc4cf6c14b29d710aff969b8b503f1e37d48e54d11cb7d3e97998c027fb	elf	Metasploit
2024-12-13 08:48:06	d459bd8e6ababe027af56fc683181351be1d4ad230da087e742aaef5c0979811	exe	Meterpreter
2024-12-13 08:48:06	ac3f9676d7ad6c8964dfdd08d02c03e35ee8bcbec85e69704d893e5ce9c201e6	elf	GetShell
2024-12-13 08:48:06	e134c4df61f494f43fe6fece16a1b8b33e69f022dab25df995c0e09468785edc	elf	Metasploit
2024-12-13 08:48:06	5b1f63d14a2fcfa377f101f9db31a5ba6e415795a2f1c2869946430155b6f626	elf	ConnectBack