URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	windows401.info
Domain registrar:	REG.RU
Domain registration date:	2021-01-22 17:49:55 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-12-07 07:50:09 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	9

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2022-01-23 00:47:55	194.67.71.19		Not listed	AS197695 AS-REGRU	RU	no
2022-01-20 11:17:07	176.99.135.22	176.99.135.22.inetcom.ru	Not listed	AS35598 INETCOM	RU	no
2022-01-10 15:36:56	176.99.135.23	176.99.135.23.inetcom.ru	Not listed	AS35598 INETCOM	RU	no
2021-12-07 07:50:20	185.254.190.47	vps129014.vpsville.ru	Not listed	AS59504 vpsville-AS	RU	no
2022-02-04 10:10:43	194.67.71.141		Not listed	AS197695 AS-REGRU	RU	no
2022-02-22 10:25:25	194.67.71.146		Not listed	AS197695 AS-REGRU	RU	no
2022-02-07 17:13:44	194.67.71.84		Not listed	AS197695 AS-REGRU	RU	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-12-08 17:18:03	http://windows401.info/app/files/dc/id27315003/...	Offline	32 exe RaccoonStealer RedLineStealer	zbetcheckin
2021-12-07 07:50:20	http://windows401.info/dl/ld/id949237005.exe	Offline	exe RedLineStealer	benkow_

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-01-10 16:05:10	580a23cfee9a6c7188ea8e88bffe675e3228221d5aa27e76d748c8a8f2fc4b62	exe		RedLineStealer
2022-01-10 15:53:05	6fbe35a424dcf4949c9402c21d0f6102c1d538203e38408f570e8f161abb4517	exe
2022-01-10 04:32:52	922a3412b7f44d7fe508a7cc97ac71fde977dd07025fa84a9d849383f44d2353	exe		RaccoonStealer
2022-01-10 03:13:20	9dd85db25c80607afc1a3efec5b5d03fe882a59beec4347f0a75b6b256d7c5db	exe		RaccoonStealer
2022-01-10 02:52:53	5ea6f1b481a8c4f7cfe46607ef08ca1b72113b3225002923ad9839f6fd0c67dc	exe		RedLineStealer
2022-01-10 02:46:26	d188f505ff2702722bf5ccd43eb3451025e8312fc38cea0d6d47131d0c870ec8	exe
2022-01-09 03:37:57	81ace5cefeb9363abea07fba3f61042d495037ceb815633279e7aa2b9556824e	exe		RedLineStealer
2022-01-07 18:15:11	b1e2335eb58049ec7067133d10d49e92807747ad238778d83b3796770e9e284d	exe		RedLineStealer
2022-01-07 06:46:03	82eef06f31bd95da4b29d29e46203590b9a8f65b7e0d4093bf7588f71094bd38	exe		RaccoonStealer
2021-12-27 01:35:59	de90494cf877b8c279196f82d6ddba86a8b6139843a26816c605c38d8d72fa3a	exe		RedLineStealer
2021-12-18 10:15:00	d90afdd967ba53048d4d0c3d2668f1a11647887cf3fcdcc01ecdc9e829c48fd7	exe
2021-12-11 10:09:47	24ac810ea21f8232c6a399de2ec29171ba065ab21bf019387802d06a80597a0f	exe		RedLineStealer
2021-12-10 04:03:04	fa1a7526d18f385fcd5733d7997da5b15dae20d0fb74b1331e021b23ce50c28e	exe		RedLineStealer
2021-12-08 17:47:59	a8e0baca3d4bf1fb178b979886b8e992b21b37d42a346e12811898cc6cf3cf1a	exe		RedLineStealer
2021-12-07 07:50:20	f42def3584cbdd93edb8c9b22a6334826f90599deff3ae35375fd8606a64fb9d	exe		RedLineStealer