URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | kavacanada.ca |
|---|---|
| Domain registrar: | Tucows  |
| Domain registration date: | 2009-07-27 23:22:37 UTC |
| Spamhaus DBL : | Abused domain (malware) |
| SURBL : | Not blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Not blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2025-07-17 19:04:06 UTC |
| Total malware sites : | 6 |
| Online malware sites : | 3 (50%) |
| Offline Malware sites : | 3 (50%) |
| Newest active malware site : | 2026-02-18 09:53:20 UTC |
| Oldest active malware site : | 2025-07-17 19:04:08 UTC (Age: 7 months, 17 days, 3 hours, 27 minutes) |
| A record(s) observed : | 1 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-07-17 19:04:08 | 65.60.56.230 | sh40-1098.ich-3.com | Not listed | AS32475 SINGLEHOP-LLC |  US | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2026-02-18 09:53:20 | https://kavacanada.ca/5a9e6e0a.msi | Online | geofenced msi USA |  abuse_ch |
| 2026-02-17 18:58:20 | http://kavacanada.ca/5a9e6e0a.msi | Offline | msi |  DaveLikesMalwre |
| 2026-02-17 18:58:07 | https://kavacanada.ca/filepath.mp4 | Offline | DaveLikesMalwre | |
| 2026-02-17 17:24:24 | https://kavacanada.ca/22216.mp4 | Online | DaveLikesMalwre | |
| 2025-07-17 19:04:16 | https://kavacanada.ca/catalog/model/cummersMG.exe | Offline | exe KoiLoader KoiStealer | abuse_ch |
| 2025-07-17 19:04:08 | https://kavacanada.ca/catalog/model/cheekpieceG... | Online | KoiLoader KoiStealer powershell ps1 | abuse_ch |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2026-02-28 13:40:57 | 40765b280cdddf1511ce210856138321ce24bbf7f02d8cddd6b4a84d1e7a11ca | doc | ||
| 2026-02-28 01:25:59 | f3d7fc0a8406001eba44760832c23f6097ee27e183fa4a0c95d7b96962d6c9d7 | doc | ||
| 2026-02-19 19:57:54 | 636e615b3889e87b34e756cda4e2055b251266c52b82e18b774e14da67a535e3 | doc | ||
| 2026-02-19 13:31:26 | 35b523df627087fcf7d30f6c35311a58e4ed3e99184bbeb5144f7a5fcc0edaee | doc | ||
| 2026-02-18 10:28:41 | 28012ee3c06a25a8209ca3eb5fb35166d45488b279e43bf8e2b507f515bc9fc0 | msi | ||
| 2026-02-17 20:18:28 | 5c0f85b8e7a527221162dc6e752c25c22e8ffb9731e417a55ce3adf817f93a84 | txt | ||
| 2026-02-17 18:58:07 | 6e79f54859cbf73c8f6414552b49258e35cc0743b475d20f339af7eb33a521cc | txt | ||
| 2025-08-14 15:25:27 | e9e2f3afe2363d473d0ec9c711b55fa6413a3ba2139f8207097c23f908e39ec4 | txt | ||
| 2025-07-21 22:33:33 | d1f32be6a9d1bfdc0489d06224b16d99aaa641d9e7dc6faad142bde79eb09e1e | exe | KoiLoader | |
| 2025-07-17 19:04:16 | 5bcc787c06d08d21246a38f5e132a1f996d6b0c699880735037dfc1b930e03c3 | exe | KoiLoader |