URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	cfeca.win
Domain registrar:	Cloudflare
Domain registration date:	2023-03-13 02:30:12 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2026-01-13 13:59:06 UTC
Total malware sites :	10
Online malware sites :	0 (0%)
Offline Malware sites :	10 (100%)
A record(s) observed :	1

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2026-01-13 13:59:15	192.210.214.149	192-210-214-149-host.colocrossing.com	Not listed	AS36352 AS-COLOCROSSING	US	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2026-01-13 13:59:24	http://cfeca.win/p-p.c-.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:23	http://cfeca.win/a-r.m-7.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:21	http://cfeca.win/a-r.m-6.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:20	http://cfeca.win/a-r.m-5.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:19	http://cfeca.win/m-p.s-l.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:19	http://cfeca.win/s-h.4-.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:18	http://cfeca.win/ISIS.sh	Offline	botnetdomain gafgyt sh ua-wget	BlinkzSec
2026-01-13 13:59:17	http://cfeca.win/x-8.6-.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:16	http://cfeca.win/m-i.p-s.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec
2026-01-13 13:59:15	http://cfeca.win/a-r.m-4.ISIS	Offline	botnetdomain elf gafgyt ua-wget	BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2026-01-13 13:59:24	8f63467913134275f64e621550fa5fdb9427c3a8a4560812dbe4a31d7f290497	elf		Gafgyt
2026-01-13 13:59:23	7e9296cee4339badfbecc4d338a51cd08b24c0ddfaac54433595da973cd506d9	elf		Gafgyt
2026-01-13 13:59:21	78daddb177fcbed8d06d899a70935c690a312a170ae1fa52756d4bb02d1f7db0	elf		Gafgyt
2026-01-13 13:59:20	6382b41c894650cffefe6b142cd2a5d04e52c9bbdbb68087115500af823299fb	elf		Gafgyt
2026-01-13 13:59:19	299d7b24d3433aced87e8637667b4280997d9a10a8ed194cc5f5819832ca69ab	elf		Gafgyt
2026-01-13 13:59:19	b1d624340813c3a08151e246b33e2caf7d2024809712eef46cd8978c3b31fd4a	elf		Gafgyt
2026-01-13 13:59:18	3e75cc8e83d6f5767823d8d6af243af3eff14885e86bc3edb7b130bafd1f80e4	sh		Gafgyt
2026-01-13 13:59:17	7b541360a623d5f8897b171c585caba9e381655ceb2a48b19e3d6fbef9d2203e	elf		Gafgyt
2026-01-13 13:59:15	8f63467913134275f64e621550fa5fdb9427c3a8a4560812dbe4a31d7f290497	elf		Gafgyt
2026-01-13 13:59:15	dc966bf0d1b7eb048fcf658d7f4676818456a5882aca6717a6408ae923544a98	elf		Gafgyt