URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | documents.cavradocuments.top |
|---|---|
| Spamhaus DBL : | Phishing domain |
| SURBL : | Not blocked |
| Quad9 : | Status unknown |
| AdGuard : | Not blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Status unknown |
| OpenBLD : | Blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-04-10 18:57:03 UTC |
| Total malware sites : | 5 |
| Online malware sites : | 0 (0%) |
| Offline Malware sites : | 5 (100%) |
| A record(s) observed : | 1 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-10 18:57:05 | 217.119.129.87 | . | Not listed | AS207957 ServHost-AS |  DE | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2025-04-10 18:57:12 | https://documents.cavradocuments.top/quiet/VZSI... | Offline | HijackLoader |  JAMESWT_WT |
| 2025-04-10 18:57:09 | https://documents.cavradocuments.top/5342c7fthn... | Offline | Rhadamanthys | JAMESWT_WT |
| 2025-04-10 18:57:08 | https://documents.cavradocuments.top/reports/Re... | Offline | JAMESWT_WT | |
| 2025-04-10 18:57:05 | https://documents.cavradocuments.top/Qah1Hoak0w... | Offline | JAMESWT_WT | |
| 2025-04-10 18:57:05 | https://documents.cavradocuments.top/Qah1Hoak0w... | Offline | JAMESWT_WT |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2025-04-10 18:57:12 | 70715750bf70adf1f646d35e5387d6130eff1c5d4d2b844f198b4116987583fb | msi | HijackLoader | |
| 2025-04-10 18:57:08 | 04ebc778a5f47b413d86ee377b7d966b93bca86d06e33592fb09698a9c7bb166 | msi | Rhadamanthys | |
| 2025-04-10 18:57:06 | 856219583cd31f4aca03627d9366394d3a8469264ef0ddb093bb62b2ce627ea4 | lnk | ||
| 2025-04-10 18:57:05 | 8c9e60ab53923a7d7bb108864e34a43f7958ad8ff17977e020b7c185e8b84aff | lnk | ||
| 2025-04-10 18:57:05 | bde242e90cb1902d6571e810c3c043def2cac8bf831708b6c0ab909682e7a7fa | zip |