URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 89.197.168.148
Firstseen: 2025-08-23 10:51:05 UTC
Total malware sites: 55
Online malware sites: 0 (0%)
Offline malware sites: 55 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-08-23 10:51:07 | 89.197.168.148 | 89-197-168-148.virtual1.co.uk | Not listed | AS47474 Virtual1 | GB | yes |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2026-01-09 13:08:59 | http://89.197.168.148/11_freyja.zip | Offline | elf Mozi ext zip | Anonymous |
| 2026-01-09 13:07:34 | http://89.197.168.148/09_medusa.zip | Offline | elf zip | Anonymous |
| 2026-01-09 13:07:06 | http://89.197.168.148/Calendar-Update.zip | Offline | CoinMiner exe | Anonymous |
| 2025-08-23 10:52:12 | http://89.197.168.148/Backup.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:18 | http://89.197.168.148/logs.vbs | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:17 | http://89.197.168.148/Office.exe | Offline | meterpreter ua-wget | BlinkzSec |
| 2025-08-23 10:51:17 | http://89.197.168.148/shortcut.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:17 | http://89.197.168.148/Backup.exe | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:17 | http://89.197.168.148/Results.bat | Offline | base64 Metasploit powershell ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/logs.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Review.vbs | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Cloudshare.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Sample.elf | Offline | GetShell ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Important.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/CovidPass.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Trial.bat | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Splunk.exe | Offline | meterpreter ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/windows11.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Cloudshare.vbs | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Discount.vbs | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Important.txt.lnk | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Voucher.exe | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/OfficeAccess.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Training.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/lazagne.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Target.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/TripVPN.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/UpdaterLOC.dll | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/test.bat | Offline | base64 Metasploit powershell ua-wget | BlinkzSec |
| 2025-08-23 10:51:15 | http://89.197.168.148/Review.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:14 | http://89.197.168.148/TripVPN.exe | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:14 | http://89.197.168.148/Report.vbs | Offline | PowerShellEmpire ua-wget | BlinkzSec |
| 2025-08-23 10:51:14 | http://89.197.168.148/Account.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:14 | http://89.197.168.148/OfficeAccess.vbs | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:14 | http://89.197.168.148/Splunk.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:13 | http://89.197.168.148/CovidPass.exe | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:13 | http://89.197.168.148/uac_bypass.vbs | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:13 | http://89.197.168.148/Importantt.txt.lnk | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:12 | http://89.197.168.148/mimikatz_bypass.vbs | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:12 | http://89.197.168.148/Training.vbs | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:12 | http://89.197.168.148/windows11.exe | Offline | meterpreter ua-wget | BlinkzSec |
| 2025-08-23 10:51:11 | http://89.197.168.148/BudgetPlan.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:11 | http://89.197.168.148/Data.bat | Offline | base64 Metasploit powershell ua-wget | BlinkzSec |
| 2025-08-23 10:51:11 | http://89.197.168.148/Results.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:10 | http://89.197.168.148/Slack.bat | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:10 | http://89.197.168.148/mimikatz.txt.lnk | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:09 | http://89.197.168.148/lazagne.bat | Offline | base64 powershell PowerShellEmpire ua-wget | BlinkzSec |
| 2025-08-23 10:51:09 | http://89.197.168.148/Discount.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:09 | http://89.197.168.148/Slack.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:09 | http://89.197.168.148/Account.exe | Offline | meterpreter ua-wget | BlinkzSec |
| 2025-08-23 10:51:08 | http://89.197.168.148/Voucher.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:08 | http://89.197.168.148/Accounts.exe | Offline | Metasploit ua-wget | BlinkzSec |
| 2025-08-23 10:51:08 | http://89.197.168.148/Data.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:08 | http://89.197.168.148/Office.zip | Offline | ua-wget | BlinkzSec |
| 2025-08-23 10:51:07 | http://89.197.168.148/Target.bat | Offline | base64 Cobalt strike ext powershell ua-wget | BlinkzSec |

The table below shows recent payloads delivered by this host.
