URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	goldhunt.s3.eu-north-1.amazonaws.com
Domain registrar:	MarkMonitor
Domain registration date:	2005-08-18 02:10:45 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-09-12 19:44:03 UTC
Total malware sites :	3
Online malware sites :	0 (0%)
Offline Malware sites :	3 (100%)
A record(s) observed :	201

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-09-23 12:14:12	3.5.218.250		Not listed	AS16509 AMAZON-02	SE	yes
2024-09-25 14:01:00	52.95.171.72	s3-r-w.eu-north-1.amazonaws.com	Not listed	AS16509 AMAZON-02	SE	yes
2025-10-10 08:32:39	3.5.216.152	s3-r-w.eu-north-1.amazonaws.com	Not listed	AS16509 AMAZON-02	SE	no
2024-10-20 15:03:39	52.95.171.36	s3-r-w.eu-north-1.amazonaws.com	Not listed	AS16509 AMAZON-02	SE	no
2025-09-16 07:39:53	3.5.216.78		Not listed	AS16509 AMAZON-02	SE	no
2025-11-15 22:39:51	3.5.218.201		Not listed	AS16509 AMAZON-02	SE	no
2025-10-19 12:42:24	3.5.216.101		Not listed	AS16509 AMAZON-02	SE	no
2025-10-07 06:13:37	3.5.217.18	s3-r-w.eu-north-1.amazonaws.com	Not listed	AS16509 AMAZON-02	SE	no
2025-09-30 11:22:50	3.5.216.192		Not listed	AS16509 AMAZON-02	SE	no
2025-09-25 01:45:38	3.5.218.82	s3-r-w.eu-north-1.amazonaws.com	Not listed	AS16509 AMAZON-02	SE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-09-24 04:57:06	http://goldhunt.s3.eu-north-1.amazonaws.com/sik...	Offline	exe Formbook	abuse_ch
2024-09-16 20:17:07	http://goldhunt.s3.eu-north-1.amazonaws.com/bal...	Offline	exe Formbook	SunshineRay
2024-09-12 19:44:06	http://goldhunt.s3.eu-north-1.amazonaws.com/fro...	Offline	exe Formbook	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-09-26 11:23:13	92960e18d70798a676acf47434e4cfe51e79c2cf6ca79186c66109a307a3aa2a	exe		Formbook
2024-09-26 04:07:46	1b8fe99e88152072e7b47b496a64304435825f964b0f6f5df099cc15c521f6b4	exe		Formbook
2024-09-25 11:16:31	9de843d2b81c6ddd820d43de8198766a3148b77e1ba78c37ce5e16ae4ed12cfc	exe		Formbook
2024-09-25 09:33:19	9578a4026ca89cd0a0427bc5ea9ce36a9e83292248777d683f0fb9973c2bd842	exe		Formbook
2024-09-24 14:15:55	55c9940c0f3883ab008156f65e2c020a72a1d58e9ae645490c100ac08c8dc4e5	exe		Formbook
2024-09-24 04:57:06	0b282196cbe02ca7c879bc0eee7cf25c9faf531c245c66e14982307944b494b6	exe		Formbook
2024-09-16 20:17:07	b9e46e8d5b0ea705e9265a2658f6741b81f5b72f9341235ece7b75d4c0e4aa8d	exe		Formbook
2024-09-12 19:44:06	b14dba44c08182c9c21b34e90409943400645c7d88a6b1388bddc64464f26a73	exe		Formbook