URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	getvalve.co
Domain registrar:	Namecheap
Domain registration date:	2022-08-27 16:38:15 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2023-06-13 17:52:42 UTC
Total malware sites :	1
A record(s) observed :	34

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-09-28 06:43:59	54.236.131.166	ec2-54-236-131-166.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-10-01 16:39:11	44.212.192.5	ec2-44-212-192-5.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-10-02 07:43:12	52.205.68.17	ec2-52-205-68-17.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2023-09-20 05:40:56	34.233.29.203	ec2-34-233-29-203.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no
2023-09-21 18:03:57	18.205.216.141	ec2-18-205-216-141.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-09-28 06:43:59	54.160.94.210	ec2-54-160-94-210.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-09-20 05:40:56	54.158.195.221	ec2-54-158-195-221.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-09-21 18:03:57	54.161.115.162	ec2-54-161-115-162.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-10-02 07:43:12	52.202.104.231	ec2-52-202-104-231.compute-1.amazonaws.com	Not listed	AS14618 AMAZON-AES	US	no
2023-10-01 16:39:11	44.193.53.108	ec2-44-193-53-108.compute-1.amazonaws.com	Not listed	AS16509 AMAZON-02	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2023-06-13 17:52:52	https://getvalve.co/do/	Offline	BB32 geofenced js Qakbot Quakbot USA	Cryptolaemus1

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2023-06-15 14:42:49	b49ddfc3ac4f3eee6f3d916e44827f02bb9bc447bfcb5a52586c0663c2549659	zip		Quakbot
2023-06-15 14:29:11	60aa83135a668c1834e06a7af0c34639c0e6e01d4436d2cd4544a3c550f59278	zip		Quakbot
2023-06-15 13:20:47	c9644657972919045e8f52080ec06b37bb730aadf1a11e54095459328e8b59a7	zip		Quakbot
2023-06-15 10:57:00	e1324d6a6474765da326d65ae5ade666b873154f82e2b80d3be721b1e87b872f	js
2023-06-15 09:03:46	2dfa4d329b4df3b6cd02d77e4a36eb89631126a35d526433d87b622772df3622	js		Quakbot
2023-06-15 08:54:04	327a4b48dfa16fb2efa6b8c5097d722de072c874a92548fdf73f06473e8dfe9e	js		Quakbot
2023-06-15 07:19:28	c020b80a4b247dc41cb9f9dae71a6a597c42a0388eb6eb730bc3c0b16e03e621	js		Quakbot
2023-06-15 02:47:43	658b5601852cda3167017566a91b61b1b93b970b092be146e3d9606e13cf7225	js		Quakbot
2023-06-14 14:34:54	49c6bb4a14c70b49be707a1fdb82b374a14e3cd2dfb09aa87111a5c0286e689e	js		Quakbot
2023-06-14 12:52:28	c4d67e01714e14f46603e0e760ac501063f32afe5e6e2365742f3aa9ba1779f9	js		Quakbot
2023-06-14 11:21:53	c8c692255b433f79008d463eadba1850ab6cb484f32b787a318d3984d1740705	js		Quakbot
2023-06-14 09:50:53	da1529f7e451e7221a561f3fdc0bab98ec5d8962b2173be96e62271564ffbe19	js		Quakbot
2023-06-14 09:30:36	e552985ff266e1634976236fad4ea1b67d242a95399d255c9b984d18e93fb934	js		Quakbot
2023-06-14 08:22:45	1931cee49f7e8c236682655e3d81dd703ea9e3566bd3dce49a504331d2d747ff	js		Quakbot
2023-06-14 07:58:41	db4f8c0c1ae2a40d44321117fd1fc22c03c44cddf6fe50d8058a3d8c370c38e9	js		Quakbot
2023-06-14 06:29:22	8f929428a217ff296d65c32306eda42ed9b315bdbcb403bfcdfa02f897dbf926	js
2023-06-14 04:54:15	d6e9212c85de9d72891dee0d7f8514417581aed4a91ad10f9e779c7cde7d52ae	js
2023-06-14 04:10:03	539cc769b7c26c392efde9f1b3b55419c4bb839db80aa01d2090c6ca2882d7c0	js		Quakbot
2023-06-14 03:11:24	08b534781c91fa59da7feac81cd6e9fea528fdcc84bb91f19705a9e00ded819b	js		Quakbot
2023-06-14 02:03:41	6d0ca821cf16f5705471d86c3b715cefbd20f9caa3b98f08a88999d75a8f263d	js
2023-06-14 01:56:49	2f48117178c372504ce4f5b8cd3617f09a52334e9758a3d0c2ea4893e8c1c665	js
2023-06-14 00:48:58	d7995244004b6c7094809163e7f9587abc2a4759932ead8e535cad0e9011a40e	js		Quakbot
2023-06-13 23:09:24	977e2a9d32b2a1f31f955ae93c6ca9c68aed5c1383bbd537ed305d24b4b7fe2d	js		Quakbot
2023-06-13 22:04:27	675c342a1af08dc069a293b257048b4d2b9d06a88b3d1e41d2f91e95f53b5ee9	js		Quakbot
2023-06-13 20:22:49	ed9e567f75b2292cbe3188606457ecba5295658cefdc14f02104de778ea16998	js		Quakbot
2023-06-13 19:07:29	89746e03f20213f3ca6a69b03d54b2a2594b12cefeec6aada6048430008b9443	js		Quakbot
2023-06-13 17:52:46	02583a853790764033b5696278dbaa6bf113b59d727050e4b11a63f5fc060da7	js