URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	gestionycobranzas.com
Domain registrar:	Cnobin Information Technology
Domain registration date:	2024-10-25 14:28:15 UTC
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-08-22 19:53:10 UTC
Total malware sites :	26
Online malware sites :	3 (12%)
Offline Malware sites :	23 (88%)
Newest active malware site :	2025-08-22 19:56:18 UTC
Oldest active malware site :	2025-08-22 19:56:10 UTC (Age: 9 months, 8 days, 9 hours, 54 minutes)
A record(s) observed :	5

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-08-22 19:53:18	178.16.54.253		SBL683901	AS202412 OMEGATECH-AS	NL	yes
2025-11-20 14:49:53	44.211.14.38	ec2-44-211-14-38.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2025-11-13 05:48:59	84.32.84.33		Not listed	AS47583 AS-HOSTINGER	LT	no
2025-09-04 08:13:56	84.32.84.32		Not listed	AS47583 AS-HOSTINGER	LT	no
2025-09-04 11:40:05	149.62.37.222		Not listed	AS47583 AS-HOSTINGER	BR	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-08-26 05:40:30	http://gestionycobranzas.com/1/ws.png	Offline		abuse_ch
2025-08-26 05:40:14	http://gestionycobranzas.com/3/tre.txt	Offline	rev-base64-loader	abuse_ch
2025-08-24 07:47:21	https://gestionycobranzas.com/1/MSI1.png	Offline	stego	JAMESWT_WT
2025-08-22 19:56:18	http://gestionycobranzas.com/2/remmbuil.txt	Online	opendir rev-base64-loader	Riordz
2025-08-22 19:56:17	http://gestionycobranzas.com/1/m.txt	Offline	opendir	Riordz
2025-08-22 19:56:15	http://gestionycobranzas.com/2/task.vbsbk	Offline	opendir	Riordz
2025-08-22 19:56:15	http://gestionycobranzas.com/1/SBoFJA	Offline	opendir	Riordz
2025-08-22 19:56:12	http://gestionycobranzas.com/1/n02.jpg	Offline	jpg-base64-loader opendir	Riordz
2025-08-22 19:56:12	http://gestionycobranzas.com/1/n22.jpg	Offline	jpg-base64-loader opendir	Riordz
2025-08-22 19:56:11	http://gestionycobranzas.com/1/ROX.txt	Offline	opendir rev-base64-loader	Riordz
2025-08-22 19:56:11	http://gestionycobranzas.com/2/task.vbs	Online	opendir RemcosRAT	Riordz
2025-08-22 19:56:11	http://gestionycobranzas.com/1/optimized_MSI.png	Offline	opendir	Riordz
2025-08-22 19:56:11	http://gestionycobranzas.com/1/WwUCwx.txt	Offline	opendir	Riordz
2025-08-22 19:56:10	http://gestionycobranzas.com/1/m	Offline	opendir	Riordz
2025-08-22 19:56:10	http://gestionycobranzas.com/2/task.js	Online	opendir RemcosRAT	Riordz
2025-08-22 19:54:19	http://gestionycobranzas.com/3/NIKfyWrG	Offline	opendir	Riordz
2025-08-22 19:54:15	http://gestionycobranzas.com/3/NxzvSZwyK	Offline	opendir	Riordz
2025-08-22 19:54:11	http://gestionycobranzas.com/3/NKGKTO.txt	Offline	opendir	Riordz
2025-08-22 19:54:11	http://gestionycobranzas.com/3/eMDGPBrDN	Offline	opendir	Riordz
2025-08-22 19:54:10	http://gestionycobranzas.com/3/YRwmNxJi.txt	Offline	opendir	Riordz
2025-08-22 19:54:09	http://gestionycobranzas.com/3/mXyMDI	Offline	opendir	Riordz
2025-08-22 19:54:09	http://gestionycobranzas.com/3/vjzyQeRE	Offline	opendir	Riordz
2025-08-22 19:54:09	http://gestionycobranzas.com/3/salvador.exe	Offline	opendir xworm	Riordz
2025-08-22 19:54:09	http://gestionycobranzas.com/3/SbkiaPRE.txt	Offline	opendir	Riordz
2025-08-22 19:54:08	http://gestionycobranzas.com/3/ASPkoaO.txt	Offline	opendir	Riordz
2025-08-22 19:53:18	http://gestionycobranzas.com/3/IPeYvuzkr.txt	Offline	opendir	Riordz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2026-05-27 13:50:58	1232b4d0263b92835dbdef759d51c25e9fbec8743b6cb7fcb1916ac8491ce7f5	unknown
2026-05-27 13:00:23	067beb9d7703d7dd66b960d946745e77006236931bf75e43bc3d2d157374109e	unknown
2026-05-26 17:45:08	a931338ce349a84428c5257e7b96df8e659f3755bb292d5a48ca7697fbc3e25e	unknown
2026-05-26 14:05:39	5208a7566c915ad491d5aba908ffc98c37a5dd1558d60c694d4061793f8affed	unknown
2026-05-22 18:48:54	7b2b1e7a1ae484a23869c289ed8fe4082d8924b54efc97a27c73b76a51689880	unknown
2026-05-22 13:42:32	23afbf9e324dc8b89896484af3da23ac5968e3fc2386053c55185d569774efb9	unknown
2026-05-19 15:33:26	4e2e8e0a8b684320c425999d2ee4a19a1a0f8e216c4a1c8f9a255f421f224ca2	unknown
2026-05-19 13:06:18	3c8af6dd35984f319eabc9237ba5d729aaf68ce86d8917f2302258096729b2c6	unknown
2026-05-13 15:29:28	5aa47d9abc41ca91399c2e1100db7bf49ee2857af2b021651b43da96c520063e	unknown
2026-05-13 13:49:45	1eda3589ec3fd471459c490d1a12d5108adbb4a0ae3c1adc1164d7b8669d7276	unknown
2026-05-12 19:14:44	c3c7ece914139afb8189e5d842ad0d176171a74cf5b7221e16e22abb2e5a698f	unknown
2026-05-12 18:49:22	7048a3e81dbc53e3afab91dceb3379ab03adfdaf4c0c8ff0534cd2f1f824a0d0	unknown
2026-05-11 19:28:06	7b38a81f8d06068340fd3b109be0ec5f8e87012c0f0090e9c4c86fcca20957c0	unknown
2026-05-11 18:57:34	de5843a336930b53f23254277d54c4eeee609d59dd4eee8a2826b11c1034a60d	unknown
2026-05-08 14:07:24	47ecd46c91d74a8d6467c7e4d6a038e9d5f959007b341e089c97589f31b25970	js
2026-01-26 14:28:43	0c7e13ddbeaa7e1ff1433439e632054b3061fecdf6d2437dc32a2dec2782923e	js		RemcosRAT
2026-01-22 01:09:07	ffc93f07c85d1fd0745093caac3b51f0d1df959aa4f483230ace089872129842	js		RemcosRAT
2025-11-13 02:57:37	0fea82f8fc3080d40ec9fd86a161f5011cd2f3efad982495866fa06d3299368a	js
2025-09-04 07:59:57	6d401c709dd2a40e41f124164168f994dc9996a68025bda2df2f224ccab1908a	js
2025-08-28 02:25:08	60ade6262db0b1603755ece3ef0a64c35c8f5ef6df46ff42da5c0fd72cc08a37	unknown
2025-08-27 19:54:36	74c1c627c31397e518687493b8a5af14b839decdb3227810335967cdd4697cac	txt		RemcosRAT
2025-08-27 19:47:09	b87150092f1670db17050a71ba068b4515d42b104cafae4be5d76a7934674d0e	js		RemcosRAT
2025-08-27 14:35:10	045d2444fe26511003ddfb15e92697fb6f0278754817448d12525d65e75f1fdc	txt		RemcosRAT
2025-08-27 14:02:51	cfa5264d2592a1fe11fed0d39d463cd1303eb428506125cb6c180a0e4c20caf0	js		RemcosRAT
2025-08-26 20:43:57	770b35baa103302f231c6be89e96d55294801a04aee02693842aa745f6dce621	txt		RemcosRAT
2025-08-26 19:38:05	0f18a22d54319e113ae30f9f3bd14fdd3c243924e8b8143692952cce72ecf09f	js		RemcosRAT
2025-08-26 05:40:30	08a5d0d8ec398acc707bb26cb3d8ee2187f8c33a3cbdee641262cfc3aed1e91d	unknown
2025-08-26 05:40:13	e557e3620dc724d8ad07e965dd26ecaa875e82c66bd9a8c7c482e2333ede2547	txt
2025-08-25 20:40:32	87fcbd1f67359062e18c02f3a27bc8e192cf771819fd929cc8a96d884cf35f5f	js		RemcosRAT
2025-08-25 20:23:24	5867427e2a69435285a061f4cc882429558b4f7a2c0569219e74fdb7d68ec877	txt		RemcosRAT
2025-08-25 14:39:32	7fe73890d1d759d4787546b61a296d3ad97d72ce95e5cc60f4c67fc68b371ed4	js		RemcosRAT
2025-08-25 14:16:55	83b9a76e6395ef08f25390d50a3e1ca363b320325b4f978a8abde5ca2150c436	txt		RemcosRAT
2025-08-24 07:47:19	08a5d0d8ec398acc707bb26cb3d8ee2187f8c33a3cbdee641262cfc3aed1e91d	unknown
2025-08-23 20:17:50	a763e16f8a534c9c9ccd5ffca2c48fffa70ca02122983885922d3ad0a1063def	txt
2025-08-23 14:31:38	b637ac96e93426857c85f0c7e98ed3b07b8ea8a7444534292137c6e2a632a7ad	js
2025-08-23 02:37:42	70c230ca07e38d63582972c78a69a738f1ba6165f273b220c98d92fc06e047e6	txt
2025-08-23 01:59:19	bae68d68082dd0febfd2a881346d9d14e7927f56093449a679cafeb3050d4ca4	txt
2025-08-23 01:20:39	23109caeac3e34cdd16544a231d63d98e5df78b3c95543382808d530abd8a77e	txt
2025-08-22 19:56:18	1e4e0ee7880e17947cf6cdf024980c2c39bada0bb4bf457f68a0ecb4ec7b3f70	txt
2025-08-22 19:56:17	2de6406306458bbe79dff19204ed4f6fd43cbaf67e6873f9bf0bc9aa142f2867	txt
2025-08-22 19:56:15	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:56:12	a7c900e48ebecdac18b2679dafc25236c88f0ed644d335997d4d4b4b19a5fd63	jpg
2025-08-22 19:56:12	a7c900e48ebecdac18b2679dafc25236c88f0ed644d335997d4d4b4b19a5fd63	jpg
2025-08-22 19:56:11	ed971bcfc5a9eebfbecc9aab050ffb9e6d9cfe38a72fd6f74cfec39cbd31475f	txt		RemcosRAT
2025-08-22 19:56:11	ec4909738ec8c8729a34582c8fdb8131a28eb0eeaab81a0066b884affce55e24	unknown
2025-08-22 19:56:11	c31288cbf912b338dee0681791eabfaced23f5819365f43fefc77d9a646b1a24	txt
2025-08-22 19:56:11	4a27d34ed9b1035946da8548d26177a051c62ceaffc266a8a6eea684d7e8aab6	txt
2025-08-22 19:56:10	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:56:10	b5db53c35044419ae5c13ecbb481b063a418cb08623e34cd877c318fc10134df	js
2025-08-22 19:54:19	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:54:15	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:54:11	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:54:10	2de6406306458bbe79dff19204ed4f6fd43cbaf67e6873f9bf0bc9aa142f2867	txt
2025-08-22 19:54:09	66cc8ae0a0de5618f04bae1d2321edbb92d6dd296a7b879b5618af28d2741fa1	exe		XWorm
2025-08-22 19:54:09	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:54:09	d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd	exe
2025-08-22 19:54:08	16fcb98453d6a4d24dc2e3cda22a3ac813e5345ee9135402ddc99cae8f02295c	txt
2025-08-22 19:53:17	16fcb98453d6a4d24dc2e3cda22a3ac813e5345ee9135402ddc99cae8f02295c	txt