Domain > notes.bhf.im

More information on this domain is in AlienVault OTX

Date	IP Address
2024-06-10	199.59.243.225 (ClassC)
2024-08-08	199.59.243.226 (ClassC)
2024-10-08	172.67.134.232 (ClassC)
2024-12-27	199.59.243.227 (ClassC)
2025-03-28	74.207.241.245 (ClassC)
2025-04-01	23.239.3.104 (ClassC)
2025-04-22	192.155.84.236 (ClassC)
2025-05-02	66.175.216.36 (ClassC)
2025-11-25	199.59.243.228 (ClassC)

Port 80

HTTP/1.1 200 OKdate: Sun, 14 Apr 2024 17:50:44 GMTcontent-type: text/html; charsetutf-8content-length: 1038x-request-id: 44ea6a0b-1440-4d9b-a361-15da5aaa2886cache-control: no-store, max-age0accept-ch:

!doctype html>html data-adblockkeyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ_zB1tFWXH2jO2u4z7IaQcxtkOpbqj9iEbQgRrRiZRdJGKLX85DL2gw81DOYGLxl9JBsMBBgxnlELRjQvLNLt8jA langen stylebackground: #2B2B2B;>head>    meta charsetutf-8>    meta nameviewport contentwidthdevice-width, initial-scale1>    link relicon hrefdata:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC>    link relpreconnect hrefhttps://www.google.com crossorigin>/head>body>div idtarget styleopacity: 0>/div>script>window.park  eyJ1dWlkIjoiNDRlYTZhMGItMTQ0MC00ZDliLWEzNjEtMTVkYTVhYWEyODg2IiwicGFnZV90aW1lIjoxNzEzMTE3MDQ0LCJwYWdlX3VybCI6Imh0dHA6Ly9ub3Rlcy5iaGYuaW0vIiwicGFnZV9tZXRob2QiOiJHRVQiLCJwYWdlX3JlcXVlc3QiOnt9LCJwYWdlX2hlYWRlcnMiOnt9LCJob3N0Ijoibm90ZXMuYmhmLmltIiwiaXAiOiI1Mi40MC4yMzQuMTA1In0K;/script>script src/bWNzzbIBR.js>/script>/body>/html>

Port 443

HTTP/1.1 200 OKDate: Sun, 14 Apr 2024 17:50:44 GMTContent-Type: text/html; charsetutf-8Content-Length: 1042X-Request-Id: 366fcd2d-a70f-4df5-8d06-59cda28237feCache-Control: no-store, max-age0Accept-Ch:

!doctype html>html data-adblockkeyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ_zB1tFWXH2jO2u4z7IaQcxtkOpbqj9iEbQgRrRiZRdJGKLX85DL2gw81DOYGLxl9JBsMBBgxnlELRjQvLNLt8jA langen stylebackground: #2B2B2B;>head>    meta charsetutf-8>    meta nameviewport contentwidthdevice-width, initial-scale1>    link relicon hrefdata:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC>    link relpreconnect hrefhttps://www.google.com crossorigin>/head>body>div idtarget styleopacity: 0>/div>script>window.park  eyJ1dWlkIjoiMzY2ZmNkMmQtYTcwZi00ZGY1LThkMDYtNTljZGEyODIzN2ZlIiwicGFnZV90aW1lIjoxNzEzMTE3MDQ1LCJwYWdlX3VybCI6Imh0dHBzOi8vbm90ZXMuYmhmLmltLyIsInBhZ2VfbWV0aG9kIjoiR0VUIiwicGFnZV9yZXF1ZXN0Ijp7fSwicGFnZV9oZWFkZXJzIjp7fSwiaG9zdCI6Im5vdGVzLmJoZi5pbSIsImlwIjoiNTIuNDAuMjM0LjEwNSJ9Cg;/script>script src/bYwPzUOjt.js>/script>/body>/html>

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

MD5	A/V
c6f8504f6258f20c9967769a6ea9515e
51d59dcf7733f2cf43a083c51c0c6f17	[Trojan/Win32.Ruftar.R30190] [Artemis!51D59DCF7733] [Troj.Spy.W32.Zbot.ld0o] [Win32.Trojan-Dropper.Delf.as] [W32/Trojan.VBFN-0944] [Win32/TrojanDropper.Delf.OEF] [Trojan-Dropper.Win32.Delf.efnz] [Trojan.Win32.Usteal.wpkmu] [TrojWare.Win32.TrojanDropper.Delf.SOC] [Trojan.Packed.20771] [Trojan.Fignotok.Win32.341] [BehavesLike.Win32.Backdoor.wh] [Trojan[Dropper]/Win32.Delf.efnz] [Trojan.Symmi.DF67C] [Trojan.Win32.A.Scar.451584.A[h]] [Trojan:Win32/Bagsu!rfn] [Backdoor.DarkKomet] [W32/DROPPER.PAG!tr] [Trj/CI.A]

Domain > notes.bhf.im

Is this malicious?

Files that talk to notes.bhf.im

DNS Resolutions

Port 80

Port 443