URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 19:26:31 | 198.7.119.146 | vmi2331413.contaboserver.net | Not listed | AS51167 CONTABO |  DE | yes |
| 2023-02-11 18:15:47 | 194.233.70.136 | cloudgate179.cloud-computing.expert | Not listed | AS141995 CAPL-AS-AP |  SG | no |
| 2023-01-27 19:29:23 | 15.235.145.82 | ns5011885.ip-15-235-145.net | Not listed | AS16276 OVH | SG | no |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-01-29 16:18:15 | https://cyberaya.com/NickhTyr84965232.exe | Offline | ArkeiStealer  drop-by-malware PrivateLoader |  andretavare5 |
| 2023-01-27 19:29:23 | https://cyberaya.com/TyrlNickh89535665.exe | Offline | ArkeiStealer drop-by-malware PrivateLoader | andretavare5 |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2023-01-29 16:18:15 | d5b91fba7466b663294137d24edce9e9822d30b2e2f8c87c8799044221e36921 | exe | ArkeiStealer | |
| 2023-01-28 05:39:19 | ba6000d2c43661a585115d8f7ee1941c50c83c0704fce3b7620ca4830b300d25 | exe | ArkeiStealer | |
| 2023-01-28 04:14:09 | 8eb995eea0b0973e28f2e922b33bcdec5b42cac58dabd420e248b657a6813266 | exe | ArkeiStealer | |
| 2023-01-27 19:29:14 | 28481cfb09fe12acea1347b45a6f5e71f9442ef13a5c4e77ab226a4eb135db5b | exe | ArkeiStealer |