URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	cghfdyj.b-cdn.net
Domain registrar:	Name.com
Domain registration date:	2016-04-25 23:34:57 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-10-24 12:03:09 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	36

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-01-15 09:14:31	138.199.36.8	138-199-36-8.bunnyinfra.net	Not listed	AS60068 CDN77	DE	yes
2022-12-03 23:44:15	138.199.36.11	138-199-36-11.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2023-01-06 12:59:22	169.150.247.34	unn-169-150-247-34.datapacket.com	Not listed	AS60068 CDN77	DE	no
2025-04-28 02:56:51	79.127.216.111	79-127-216-111.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2023-01-09 06:02:04	169.150.247.40	unn-169-150-247-40.datapacket.com	Not listed	AS60068 CDN77	DE	no
2025-04-27 19:38:53	79.127.216.112	unn-79-127-216-112.datapacket.com	Not listed	AS60068 CDN77	DE	no
2022-12-10 16:02:04	138.199.37.232	138-199-37-232.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2023-01-06 08:01:52	169.150.247.33	unn-169-150-247-33.datapacket.com	Not listed	AS60068 CDN77	DE	no
2022-12-04 11:30:04	138.199.37.227	138-199-37-227.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2025-08-30 09:49:57	185.111.111.160	185-111-111-160.bunnyinfra.net	Not listed	AS212238 CDNEXT	DE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-10-25 07:58:10	http://cghfdyj.b-cdn.net/brave32.exe	Offline	CoinMiner exe	vxvault
2022-10-24 12:03:11	http://cghfdyj.b-cdn.net/brave4.exe	Offline	CoinMiner	JAMESWT_MHT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-10-25 11:13:10	ae7dd0dc6483fba0dc94d7a888ccea2d184ded72416a99ac3c80ad54db9b53a9	exe
2022-10-25 07:58:10	c832fe9f9a39541e3e1ba09c0b2c143d639c235f3634db05b487cb9518779506	exe		CoinMiner
2022-10-24 12:03:10	e21288cc3c6a809ac4572f311b1a00b60674658165fa1ef9c46ec5d81ad62e76	exe		CoinMiner