URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	kaysons-group.com
Domain registrar:	HostGator
Domain registration date:	2014-08-13 10:36:44 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-09-10 17:14:06 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)
A record(s) observed :	7

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 14:46:16	188.114.96.3		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-27 14:46:16	188.114.97.3		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-28 05:50:07	104.21.88.165		Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-04-28 05:50:07	172.67.186.55		Not listed	AS13335 CLOUDFLARENET	n/a	no
2024-09-10 17:14:09	162.240.152.163	server-604848.kaysons-group.com	Not listed	AS46606 UNIFIEDLAYER-AS-1	US	no
2025-11-05 07:18:53	188.114.96.12		SBL687667	AS13335 CLOUDFLARENET	n/a	no
2025-11-05 07:18:53	188.114.97.12		SBL687666	AS13335 CLOUDFLARENET	n/a	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-09-23 11:16:12	https://kaysons-group.com/lgfjd.exe	Offline	exe LummaStealer	dms1899
2024-09-10 18:11:04	https://kaysons-group.com/vgerw15.exe	Offline	dropped-by-PrivateLoader Vidar	Bitsight
2024-09-10 17:37:06	https://kaysons-group.com/vfdwg12.exe	Offline	dropped-by-PrivateLoader Vidar	Bitsight
2024-09-10 17:14:10	https://kaysons-group.com/sgfds.exe	Offline	dropped-by-PrivateLoader MarsStealer	Bitsight
2024-09-10 17:14:09	https://kaysons-group.com/vgtew.exe	Offline	dropped-by-PrivateLoader Vidar	Bitsight

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-09-23 11:16:12	e411128093d3247f7a4ffade6252146784262d6d8647143ac8dd2157499f3b82	exe		LummaStealer
2024-09-10 19:31:50	41915ffe249fb3ca4d56f818f326fc362fbb65da11e1bc46c556cc73a871f5ea	exe		Vidar
2024-09-10 17:37:06	abca40b38e430b2eca2c726dfbda0179abc347028f401bb3ddc143c293e218b5	exe		Vidar
2024-09-10 17:14:08	8eb8822fcff05d89036329669bd654ca07ac68acbe7266d62223e2b5ad9eb67b	exe		Vidar
2024-09-10 17:14:08	daf4e8849a3b6011bff41cc2c7decee8c769a4ebf2be3d7316930f40448ddb25	exe		MarsStealer