URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-05-03 14:55:33	50.31.177.133	bh8702.banahosting.com	Not listed	AS23352 SERVERCENTRAL	US	yes
2022-11-23 13:34:15	50.31.188.73	hd-4910.banahosting.com	Not listed	AS23352 SERVERCENTRAL	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-11-25 06:58:09	http://redsaludchanchamayo.com.pe/1/data64_4.exe	Offline		abuse_ch
2022-11-25 06:58:08	http://redsaludchanchamayo.com.pe/1/data64_6.exe	Offline		abuse_ch
2022-11-25 06:58:08	http://redsaludchanchamayo.com.pe/webArg1.txt	Offline		abuse_ch
2022-11-25 06:58:08	http://redsaludchanchamayo.com.pe/1/data64_1.exe	Offline		abuse_ch
2022-11-25 06:58:08	http://redsaludchanchamayo.com.pe/1/data64_dll.dll	Offline		abuse_ch
2022-11-25 06:58:08	http://redsaludchanchamayo.com.pe/1/data64_3.exe	Offline		abuse_ch
2022-11-25 06:58:08	http://redsaludchanchamayo.com.pe/1/data64_5.exe	Offline		abuse_ch
2022-11-24 04:24:05	http://redsaludchanchamayo.com.pe/1/data64_2.exe	Offline	32 exe RedLineStealer	zbetcheckin
2022-11-23 13:34:18	http://redsaludchanchamayo.com.pe/16/data64_dll...	Offline	CryptOne	abuse_ch
2022-11-23 13:34:18	http://redsaludchanchamayo.com.pe/2/data64_1.exe	Offline	ArkeiStealer RedLineStealer	abuse_ch
2022-11-23 13:34:18	http://redsaludchanchamayo.com.pe/webArg2.txt	Offline		abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/16/data64_1.exe	Offline	ArkeiStealer RedLineStealer	abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/17/data64_dll...	Offline	CryptOne	abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/2/data64_dll.dll	Offline	CryptOne	abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/17/data64_3.exe	Offline		abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/16/data64_3.exe	Offline		abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/2/data64_2.exe	Offline	RedLineStealer	abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/16/data64_2.exe	Offline	RedLineStealer	abuse_ch
2022-11-23 13:34:17	http://redsaludchanchamayo.com.pe/16/data64_5.exe	Offline		abuse_ch
2022-11-23 13:34:16	http://redsaludchanchamayo.com.pe/2/data64_3.exe	Offline		abuse_ch
2022-11-23 13:34:16	http://redsaludchanchamayo.com.pe/17/data64_1.exe	Offline	ArkeiStealer RedLineStealer	abuse_ch
2022-11-23 13:34:16	http://redsaludchanchamayo.com.pe/webArg16.txt	Offline		abuse_ch
2022-11-23 13:34:15	http://redsaludchanchamayo.com.pe/2/data64_5.exe	Offline		abuse_ch
2022-11-23 13:34:15	http://redsaludchanchamayo.com.pe/2/data64_4.exe	Offline		abuse_ch
2022-11-23 13:34:15	http://redsaludchanchamayo.com.pe/17/data64_2.exe	Offline		abuse_ch
2022-11-23 13:34:15	http://redsaludchanchamayo.com.pe/16/data64_6.exe	Offline		abuse_ch
2022-11-23 13:34:15	http://redsaludchanchamayo.com.pe/16/data64_4.exe	Offline		abuse_ch
2022-11-23 13:34:15	http://redsaludchanchamayo.com.pe/2/data64_6.exe	Offline		abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-11-24 08:40:19	3b1eac6edce17b9c76f22939bb99c4254d45c33d188c92b833cdfb7f005b02fa	exe		RedLineStealer
2022-11-24 08:22:34	fd1a09c372f39636d4d547a96121d7da03bea79dabb95717a8636b0d7aed8194	exe		ArkeiStealer
2022-11-24 08:11:02	1099a19d47e999dce7ba3327b6915836ea1d3a96cfbe49662652b95d4acde45f	exe		RedLineStealer
2022-11-24 08:05:59	fd1a09c372f39636d4d547a96121d7da03bea79dabb95717a8636b0d7aed8194	exe		ArkeiStealer
2022-11-24 07:58:29	dc73c1e9809a7a24d125ed5dc9a3944feee65d21b789f9b6374a2b5135f01809	exe
2022-11-24 07:58:11	dc73c1e9809a7a24d125ed5dc9a3944feee65d21b789f9b6374a2b5135f01809	exe
2022-11-24 07:49:45	40c03dbb680742a48c181cb4a5f48ddad532deee22803916eab87fd3c86f252a	exe		RedLineStealer
2022-11-24 07:47:36	dc73c1e9809a7a24d125ed5dc9a3944feee65d21b789f9b6374a2b5135f01809	exe
2022-11-24 07:43:24	fd1a09c372f39636d4d547a96121d7da03bea79dabb95717a8636b0d7aed8194	exe		ArkeiStealer
2022-11-24 04:24:04	c67b7b5aea6cc07e24c1a0fee9ede4c909533cdedca2c41e787e18bbedc155a2	exe		RedLineStealer
2022-11-23 17:22:30	8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd	dll		CryptOne
2022-11-23 17:22:25	8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd	dll		CryptOne
2022-11-23 17:09:23	8fd3f5051481a5fdd39bc3546a6aafc6b36f2ee8a4d29eb85d8a42f196bcd2dd	dll		CryptOne
2022-11-23 13:34:13	dd158cfbdcd34d40c35e6e0c2aaccdff0049114e9e196cf4d582a8101e79f4ba	dll		CryptOne
2022-11-23 13:34:12	dd158cfbdcd34d40c35e6e0c2aaccdff0049114e9e196cf4d582a8101e79f4ba	dll		CryptOne
2022-11-23 13:34:12	05aed5bb6d590c1b0781804889957f73a85aa49c248f0e1c453ffc2777f4d5fb	exe		RedLineStealer
2022-11-23 13:34:12	dd158cfbdcd34d40c35e6e0c2aaccdff0049114e9e196cf4d582a8101e79f4ba	dll		CryptOne
2022-11-23 13:34:12	05aed5bb6d590c1b0781804889957f73a85aa49c248f0e1c453ffc2777f4d5fb	exe		RedLineStealer
2022-11-23 13:34:12	90ca60dc8424411c71eecfcddfdb40e1fadc48e4ed287a282309b24f0cb2c5a2	exe
2022-11-23 13:34:12	90ca60dc8424411c71eecfcddfdb40e1fadc48e4ed287a282309b24f0cb2c5a2	exe
2022-11-23 13:34:11	a62a32aaa084cf58502545836b26e682051f67065a17a3b0bc595223e4263d4f	exe		RedLineStealer
2022-11-23 13:34:11	90ca60dc8424411c71eecfcddfdb40e1fadc48e4ed287a282309b24f0cb2c5a2	exe
2022-11-23 13:34:11	f3f7fa2e6ad4bfa9c3ab22fbe8056d8d1d9cb8a2c0221dd094892027ce1fed4e	exe		RedLineStealer
2022-11-23 13:34:10	05aed5bb6d590c1b0781804889957f73a85aa49c248f0e1c453ffc2777f4d5fb	exe		RedLineStealer