URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	water.s3.cubbit.eu
Domain registrar:	Gandi
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2026-04-13 13:38:27 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	19

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-04-21 18:17:45	151.115.166.114	114-166-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:45	151.115.164.214	214-164-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:44	151.115.164.223	223-164-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:45	151.115.165.88	88-165-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:45	151.115.165.82	82-165-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:44	151.115.164.189	189-164-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:45	151.115.166.144	144-166-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:45	151.115.166.111	111-166-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:44	151.115.165.87	87-165-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes
2026-04-21 18:17:44	151.115.165.156	156-165-115-151.instance.scw.eu	Not listed	AS12876 AS12876	IT	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-04-13 13:38:41	https://water.s3.cubbit.eu/bmiSkak.txt	Offline	AgentTesla ascii Encoded	abuse_ch
2026-04-13 13:38:30	https://water.s3.cubbit.eu/ccAoheF.txt	Offline	ascii Encoded rat RemcosRAT	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2026-04-13 13:38:40	82475c6a3c2717b8b425ae29586ec1f599ab2267e056fb1f766d6e2b2f14e6d3	txt
2026-04-13 13:38:29	0ba97480238aa6495842685f0791ccfa68f98703660038d0f32acf9f303c4c3f	txt