URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: ddl.safone.dev
Domain registrar: OwnRegistrar
Domain registration date: 2023-09-28 16:49:48 UTC
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Blocked
ProtonDNS: Not blocked
OpenBLD: Blocked
DNS4EU: Blocked
Control D HaGeZi: Not blocked
Firstseen: 2024-08-30 07:38:04 UTC
Total malware sites: 1
A record(s) observed: 5

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-11-27 20:16:53 | 143.179.41.155 | 155-41-179-143.ftth.glasoperator.nl | Not listed | AS50266 Odido | NL | yes |
| 2024-09-16 17:54:22 | 65.108.207.55 | static.55.207.108.65.clients.your-server.de | Not listed | AS24940 HETZNER-AS | FI | no |
| 2024-08-30 07:38:08 | 52.212.52.84 | ec2-52-212-52-84.eu-west-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | IE | no |
| 2024-08-30 07:38:08 | 54.247.69.169 | ec2-54-247-69-169.eu-west-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | IE | no |
| 2024-08-30 07:38:08 | 63.32.161.232 | ec2-63-32-161-232.eu-west-1.compute.amazonaws.com | Not listed | AS16509 AMAZON-02 | IE | no |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2024-08-30 07:38:08 | http://ddl.safone.dev/3808735/US+ONLY1.exe?hash... | Offline | AsyncRAT ext exe | vxvault |

The table below shows recent payloads delivered by this host.

| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2024-08-30 07:38:08 | ad2315d49459ab240df61af4f6e336f310c470ec33f8bec1cb8d4fb16b48ae9d | exe | | AsyncRAT |