URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	down.flash-plays.com
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2020-11-04 12:38:04 UTC
Total malware sites :	1
A record(s) observed :	3

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2021-10-01 04:35:20	45.133.238.169		Not listed	AS932 XNNET	HK	no
2021-01-21 08:01:07	8.8.8.8	dns.google	Not listed	AS15169 GOOGLE	US	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2020-11-04 12:38:06	https://down.flash-plays.com/flashplay_install_...	Offline	CobaltStrike	JAMESWT_MHT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-10-11 10:44:37	821041e3f83df48ff40eede2931334d16abf61a71bb2cdcecf9fa63350d79e9c	exe
2021-01-04 06:13:14	02a76cee60decc4fb8b548f66b103495983a647acf60c5b2c1123351b0d4ea13	exe
2020-11-04 12:38:06	ec50240df30bcbc5ece80e6a6702b7230b81e68b712083f01a5780761693c5ae	exe	CobaltStrike