URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	updatessoftware.b-cdn.net
Domain registrar:	Name.com
Domain registration date:	2016-04-25 23:34:57 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-08-12 06:35:05 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	26

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-08-17 19:14:32	185.111.111.160	185-111-111-160.bunnyinfra.net	Not listed	AS212238 CDNEXT	DE	yes
2025-11-27 19:58:33	169.150.247.37	169-150-247-37.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2025-08-13 00:45:01	169.150.247.34	unn-169-150-247-34.datapacket.com	Not listed	AS60068 CDN77	DE	no
2025-08-19 19:40:59	169.150.247.33	unn-169-150-247-33.datapacket.com	Not listed	AS60068 CDN77	DE	no
2025-08-12 12:39:08	138.199.36.11	138-199-36-11.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2025-08-12 11:31:14	138.199.37.227	138-199-37-227.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2025-08-16 21:33:23	79.127.216.111	79-127-216-111.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2025-08-14 16:56:41	185.111.111.159	185-111-111-159.bunnyinfra.net	Not listed	AS212238 CDNEXT	DE	no
2025-08-14 01:18:22	138.199.36.9	138-199-36-9.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no
2025-11-20 18:30:59	169.150.247.39	169-150-247-39.bunnyinfra.net	Not listed	AS60068 CDN77	DE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-08-12 06:35:15	https://updatessoftware.b-cdn.net/lev/shadow/rm...	Offline	RemoteManipulator	JAMESWT_WT
2025-08-12 06:35:14	https://updatessoftware.b-cdn.net/john/pr/04.08...	Offline	HijackLoader	JAMESWT_WT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-08-12 06:35:15	969d33185b13535bcf1d50d26186fdf19b5cc6a8f3071bf73180294234ae52d7	msi		RemoteManipulator
2025-08-12 06:35:14	caf3877f85e14b20b648485b77ae01af8db4ac302a4afc55b3f751e78e2c9925	msi		HijackLoader