URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	buyfon.ir
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2023-10-23 15:47:06 UTC
Total malware sites :	8
Online malware sites :	0 (0%)
Offline Malware sites :	8 (100%)
A record(s) observed :	1

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2023-10-23 15:47:17	89.39.208.40	cl38.parsblog.com	Not listed	AS204213 netmihan	IR	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-01-25 19:02:48	https://buyfon.ir/1vnyk/	Offline	TA577 TR	k3dg3
2023-11-27 16:39:45	http://buyfon.ir/nail/	Offline	IcedID TR	k3dg3
2023-11-27 16:39:25	https://buyfon.ir/nail/	Offline	IcedID TR	k3dg3
2023-11-17 19:16:25	https://buyfon.ir/mu/	Offline	Pikabot TR	k3dg3
2023-11-17 19:14:21	http://buyfon.ir/mu/	Offline	Pikabot TR	k3dg3
2023-10-24 17:47:03	https://buyfon.ir/ipo/	Offline	Pikabot TA577 TR	k3dg3
2023-10-24 17:46:29	http://buyfon.ir/atv	Offline	Pikabot TA577 TR	k3dg3
2023-10-23 15:47:17	https://buyfon.ir/atv/	Offline	TA577 TR	k3dg3

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2024-01-26 19:16:09	18785530de0c06d99d817d29d0785470ae108d05f7bc2db218b00d2185ae50af	zip
2024-01-26 07:15:54	ee82a6e34b7b605973a87a488664317ca33467f0070bc9b578eae25079fdc0d7	zip
2024-01-25 19:12:29	cb324238988a58e67d5dcc079c3209738bb55c78f346a6cf4e3e2ddccc311c83	zip
2024-01-25 19:02:47	29a7b10f202a5f80cbbad32ce46528cf373b141bb13fa569435af484976d8df4	zip
2023-11-28 05:03:00	bfd23843146c6595ef03fcc1cbec42eb89073ff23d4d4af9e09e049349fc6f21	unknown	IcedID
2023-11-27 16:59:14	358e0b3ff48d118c2a9e981a7e631ba2251073ed808b9a63980eaf45cb9e9f13	unknown	IcedID
2023-11-27 16:40:32	d7e1833733bc57a8bc64b99f40ac7495f82018e58c89c81b68fef50780b10341	unknown	IcedID
2023-11-27 16:39:44	52aab7528ff4fe7d78f08d39ee41d0053e3d054d09c37f1a05fe7aab5db2b34c	unknown	IcedID
2023-11-27 16:39:25	67beea7775ba05b83a19de5a5cb248169885dae3ef5d92f86c194d6c7190952d	unknown	IcedID
2023-11-18 20:15:37	75d381be3e660425f60fb20dc314191d881ce11e9428c9c09a7b5b1a1c3a4088	js
2023-11-18 19:20:39	fd8de97f0ca39c4ee71694f52015088a861c8f163bd2773d71766f8ff3ea7e20	js
2023-11-18 08:12:58	d31bac9a04da732e7e111710d2eef81ad936f0456b20d7edfbe6ff3ae965dcb7	js
2023-11-18 07:18:31	647a227a527e68065a0f9a22bc6030fcf0a8dee21ebd088feaf8a56b79f5f5f2	js
2023-11-17 20:11:00	585313b4d910bab26d386bada85700279dc99d91a79316753a38e948f88b3371	js
2023-11-17 19:17:20	5c940a5349b2a9f5b6c05d8b0b0167fb1748d44d80979f5e3dc91d04f627e2af	js
2023-11-17 19:16:25	490923f506debc8e9ef81ecdf85fdf46ffad8e37d66391c7318c316a8f7ea235	js
2023-11-17 19:14:21	5423d5afdf67b983d681b026659e01b3f62584fb84b04d7ccb0850df1a6c6215	js
2023-10-24 18:28:53	5b42cbe6a2a03af9ef79926f297fc3c331ecca054c21f66935a2c5682cb4b845	zip
2023-10-24 18:21:28	10528bcc6673f56de44bcbeb758adb34f5ed427590d7383d9c176226362e8f20	zip
2023-10-24 17:47:03	91939c349b02c1927c4f1d2f313426a573ddb7d8c929c9f41f6b99f3bc348d78	zip
2023-10-24 05:49:27	e3e5cb7b1aed8f995bfe116368df40b8afc08983a391c0bf8146e75b20555dcd	zip
2023-10-23 17:46:29	42d9f82472c3fa99f7a8b2182b2856d06e7ba4037e6fe15af8afaae05761c107	zip
2023-10-23 15:47:16	a34b7abf596d9f147a480d60672987d7b733188da6367699913b6c5ef08fea31	zip