URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: www.bornagroup.ir
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Control D HaGeZi :Not blocked
Firstseen:2022-03-17 13:50:04 UTC
Total malware sites :4
Online malware sites :0 (0%)
Offline Malware sites :4 (100%)
A record(s) observed :2

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2025-04-27 13:36:09 89.32.250.167cp104.mihan.meNot listedAS204213 netmihan- CHyes
2022-03-17 13:50:05 217.144.104.53cp31.hostmihan.comNot listedAS204213 netmihan- IRno

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2022-03-17 13:50:18https://www.bornagroup.ir/11d/loads/d.exeOfflinebitrat ext Anonymous
2022-03-17 13:50:16https://www.bornagroup.ir/11d/loads/s.exeOfflinebitrat ext lowmal3
2022-03-17 13:50:16https://www.bornagroup.ir/11d/loads/a.exeOfflinebitrat ext Anonymous
2022-03-17 13:50:05https://www.bornagroup.ir/11d/az.exeOfflineAZORult ext Anonymous

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2022-03-17 13:50:17dae84e7d788ebacc7079cc34a271010ec37e05eef3a679a8732b736e94eb3057exeBitRAT
2022-03-17 13:50:16461e0c83c06e8d9a92f96883f823db68d910fee85faea7af4b6ccc5fa8284905exeBitRAT
2022-03-17 13:50:15386b39cb3cc76bda5984f68ee427314c61166aff557d9c243fad0d6b731293c9exeBitRAT
2022-03-17 13:50:059742316e3734c943eed54ea0ab9d8fa857db256aca5c7f7cf5577a9cae79102bexeAZORult