Domain > www.buydomains.com

More information on this domain is in AlienVault OTX

Files that talk to www.buydomains.com

MD5	A/V
06c40684a399acd092fa9de536f86a36	[W32.Clod34e.Trojan.903e] [Trojan.Win32.Zbot.3!O] [Trojan/Spy.Zbot.cmz] [Trojan.Win32.Zbot.unwr] [W32/Trojan2.BVEJ] [Trojan.Zbot] [ZBot.GGUT] [Trojan.Zbot-1276] [Trojan-Spy.Win32.Zbot.roh] [Mal/EncPk-NS] [TrojWare.Win32.TrojanSpy.Zbot.Roh] [Trojan.Packed.511] [TSPY_ZBOT.SMT] [TrojanSpy.Zbot.bka] [Trojan[Spy]/Win32.Zbot] [Win32.Troj.Zbot.(kcloud)] [PWS:Win32/Zbot.GA] [Trojan.Inject.01376] [Trojan-Spy.Win32.Zbot] [W32/Zbot.W!tr] [Pakes] [Trojan.Win32.Kryptik.BAOLL] [Win32/Trojan.Spy.2ff]
11fa8f34a9719eebb9731f353dcce930	[W32.malwhe.Trojan] [Trojan.Renos.PIA] [Trojan/W32.Monder.129536] [Trojan.Win32.FraudPack!O] [Trojan.Renos.MH] [Downloader-CEW.f] [Trojan.FraudPack] [Trojan/Monder.dipd] [Trojan.Monder!oEYUQ08dIYg] [Heur.I] [TROJ_FAKEAV.SMD4] [Trojan.Monder-138] [Trojan.Win32.FakeAlert.wmth] [Trojan.Win32.Monder.129536.A] [Mal/EncPk-QP] [MalCrypt.Indus!] [Trojan.DownLoader1.13317] [TR/CodecPack.kuz.4] [Trojan/Monder.chd] [Trojan/Win32.FraudPack] [Win32.Troj.Monder.(kcloud)] [TrojanDownloader:Win32/Renos.MH] [Trojan/Win32.FakeAV] [Trojan.Monder] [Win32/TrojanDownloader.FakeAlert.BAH] [Trojan.CodecPack] [W32/CodecPack.CEW!tr.dldr] [Cryptic.ALO] [Trojan.Win32.FakeAlert.BBAH]
b30321ea3b1b97efcaf267cbc6f126a5	[W32.Clod314.Trojan.aa20] [Trojan.Proxy.Sobit.F] [Trojan-Proxy/W32.Sobit.32560] [Dialer-RAS.di] [Trojan.Sobit.Win32.8] [Trojan/Proxy.Sobit.f] [Trojan.Win32.Sobit.dppi] [W32/Spyware-WebActiveClick-base] [Dialer.WSV] [Possible_Virus] [Trojan-Proxy.Win32.Sobit.f] [Trojan.PR.Sobit!LacnirW6IP4] [Trojan.Win32.Proxy.19968.W] [PE:Trojan.Proxy.Sobit.f!1073922148] [TrojWare.Win32.Small.BK0] [Trojan.Tibsem] [TR/Small.BK] [Dial/Tibsys-I] [TrojanProxy.Sobit.o] [Trojan[Proxy]/Win32.Sobit] [Win32.Troj.Sobit.f.(kcloud)] [TrojanProxy:Win32/Sobit.F] [Win-Trojan/Sobit.32560] [TrojanProxy.Sobit] [Trojan-Proxy.Win32.Sobit] [Malware_fam.gw] [Proxy.KZ] [Trojan.Win32.Sobit.Abf] [Win32/Trojan.ec5]
2fdcac05f7790d152527f0f51bac8df7	[Joke/W32.Renos.129024] [Trojan.Renos.MH] [Downloader-CEW.f] [Trojan] [Trojan/Monder.dist] [Trojan.Win32.Monder.wrva] [Heur.I] [Trojan.Monder-191] [Trojan.Win32.Monder.dist] [Trojan.Renos.PIC] [Trojan.Win32.Monder.129024.AA] [Mal/EncPk-QP] [MalCrypt.Indus!] [Trojan.DownLoader1.13778] [TR/Renos.PIC] [TROJ_FAKEAV.SMD4] [Trojan/Monder.chp] [TrojanDownloader:Win32/Renos.MJ] [Trojan/Win32.FakeAV] [Trojan.Monder] [Trojan.FakeAV] [Trojan.Renos] [W32/CodecPack.CEW!tr.dldr] [Cryptic.ALO] [Trj/Zlob.RF]
24c6684d61805ba2064b951fe8b80328	[W32.OnlineGameFLANZM.Trojan] [Packed.Win32.Katusha.3!O] [Win32.Packed.Katusha.n.5.grpf] [Downloader-CEW.b] [Virtool.Obfuscated] [Trojan/Downloader.FakeAlert.bao] [Trojan.Win32.Katusha.bhlba] [W32/MalwareF.JTYP] [SpywareGuard2008] [Katusha.EV] [Win32/Wardunlo.HR] [TROJ_FAKEAV.SMA3] [Packed.Win32.Katusha.n] [Trojan.DL.FakeAlert!tFEK32gFhuE] [Trojan.Win32.Katusha.123904.A] [MalCrypt.Indus!] [Trojan.DownLoader9.52089] [Trojan.FakeAV.Win32.11072] [TR/Katusha.n.123904] [Mal/FakeAV-CX] [Packed.Katusha.mor] [Trojan[Packed]/Win32.Katusha] [Win32.Troj.Katusha.n.(kcloud)] [TrojanDownloader:Win32/Renos.MJ] [Trojan/Win32.FakeAV] [W32/Risk.OTUS-0098] [TrojanDownloader.FakeAlert] [Trj/Zlob.RE] [Win32/TrojanDownloader.FakeAlert.BAO]
59b54c8ed1fd672a622e65c07c1dd614	[Trojan/W32.FraudPack.102400.K] [Win32.Trojan.FraudPack.aykh.4] [Downloader-CEW.b] [Trojan.Dropper] [Trojan/FraudPack.aykh] [Trojan] [Trojan.Win32.Renos.wyru] [SpywareGuard2008] [Renos.CFTT] [Trojan.Fraudpack-3884] [Packed.Win32.Katusha.n] [Trojan.FraudPack!qMzVjPOkxx0] [Trojan.Win32.FraudPack.102400.A] [MalCrypt.Indus!] [Trojan.DownLoader1.13778] [TR/Dldr.Renos.A.9] [TROJ_FRAUDO.SM4] [Mal/FakeAV-CX] [Trojan/FraudPack.wqb] [TrojanDownloader:Win32/Renos.MJ] [Trojan/Win32.FakeAV] [RogueAntiSpyware.SpywareGuard2008!rem] [Win32/TrojanDownloader.FakeAlert.BAL] [Trojan.Win32.FakeAV] [W32/CodePack.CX!tr] [FakeAlert.SX] [Trj/Zlob.RE]
08048602f0db9ea697226c4e8e3c3bc4	[W32.OnlineGameEBZPLG.Trojan] [Packed.Win32.Katusha.3!O] [Win32.Packed.Katusha.n.5.grpc] [FakeAlert-OV] [Trojan/Downloader.FakeAlert.ban] [Trojan.DL.FakeAlert!V+1KyueItzw] [W32/TrojanX.ENRS] [Renos.CFUB] [Win32/Wardunlo.HK] [TROJ_FAKEAV.SMA3] [Packed.Win32.Katusha.n] [Trojan.Win32.Katusha.xckf] [Trojan.Win32.Katusha.117760] [Mal/FakeAV-CX] [MalCrypt.Indus!] [Trojan.DownLoader1.13778] [TR/CodecPack.kuz.6] [Packed.Katusha.mqj] [Trojan[Packed]/Win32.Katusha] [Win32.Troj.Katusha.n.(kcloud)] [TrojanDownloader:Win32/Renos.MH] [Trojan/Win32.FakeAV] [W32/Trojan.GNFO-7467] [Trj/Katusha.M] [Win32/TrojanDownloader.FakeAlert.BAN] [Packed.Win32.Katusha] [W32/CodePack.CX!t]
4db19c0167b126fb05326f829de9f453	[W32.Clodbd2.Trojan.3721] [Dialer.RAS] [Trojan.Downloader.Small.UF] [Artemis!4DB19C0167B1] [Trojan/Proxy.Sobit.h] [Riskware.Win32.Tibs.utqa] [W32/Trojan.BEKI] [Adware.Sa] [DIALER_RAS] [Win32:Tibs-ACF] [Trojan-Proxy.Win32.Sobit.h] [Trojan.PR.Sobit!JuOpoicn1uc] [TrojWare.Win32.TrojanProxy.Sobit.h] [Trojan.DownLoader.589] [TR/Dldr.Small.UF] [TrojanProxy.Sobit.f] [Trojan[Proxy]/Win32.Sobit] [Win32.HeurC.KVM003.a.(kcloud)] [TrojanProxy:Win32/Sobit.H] [W32/Trojan.SYHQ-1690] [Win32/SillyDl.OX] [TrojanProxy.Sobit] [Trj/CI.A] [not-a-virus:Porn-Dialer.Win32.Tibs] [Malware_fam.gw] [Proxy.AMYY] [Trojan.Win32.Sobit.Akr]
60bb2525397b178785d012c2d90eb153	[Trojan/W32.Iksmas.13312] [Artemis!60BB2525397B] [W32/Trojan2.EMAK] [Trojan.Packed.246] [Artemis!60BB2525397B] [Win32.Troj.Tibs.j.(kcloud)] [TrojanDownloader:Win32/Renos.DD] [Win-Trojan/Malware.13312.R] [W32/Trojan.JHSU-1175] [Malware-Cryptor.Win32.Zherlo] [PE:Trojan.Tibs!1.67E3] [Trojan-Downloader.Win32.FraudLoad]
3096608f3bb97860602aa9bcc79e3060
a77177565d941636cfa0ce5bf7c3b8bc	[W32.Clod832.Trojan.018b] [Backdoor/W32.Floder.73728.C] [Backdoor.Win32.Floder!O] [Worm.Dorkbot.A] [Backdoor.IRCBot] [Backdoor/Floder.fhd] [Backdoor.Floder!WN4u1OfuUXQ] [Trojan.FakeAV] [Inject.UZW] [Win32/Ircbrute.CA] [TROJ_SPNR.11L311] [Trojan.Injector-514] [Backdoor.Win32.Floder.fhd] [Trojan.Win32.Ddoser.vrwnj] [Backdoor.Win32.A.Floder.61440] [Mal/Inject-CY] [UnclassifiedMalware] [BackDoor.Ddoser.181] [TROJ_SPNR.11L311] [Worm/Ngrbot.agm] [Trojan[Backdoor]/Win32.Floder] [Worm:Win32/Dorkbot] [Backdoor/Win32.Floder] [BScope.Trojan.Jorik.IRCbot] [Backdoor.Win32.Floder.AiO] [Trojan.Win32.Pincav] [W32/Injector.FBB!tr] [SHeur4.ILK] [Win32/Trojan.3eb]
5a3320f34d50a7294d54967674c8c249

Whois

Property	Value
Email	corporate@buydomains.com
NameServer	NS4.BUYDOMAINS.COM
Created	1997-03-30 00:00:00
Changed	2015-04-07 00:00:00
Expires	2025-03-31 00:00:00
Registrar	DOMAINADMINISTRATION

DNS Resolutions

Date	IP Address
2013-04-01	64.95.64.68 (ClassC)
2014-07-03	64.95.64.163 (ClassC)
2015-05-20	64.95.64.163 (ClassC)
2021-02-18	207.148.248.132 (ClassC)
2025-05-15	188.114.99.224 (ClassC)
2026-01-15	172.64.146.111 (ClassC)
2026-01-23	104.18.41.145 (ClassC)

HTTP/1.1 200 OKDate: Fri, 24 May 2019 03:57:51 GMTServer: Apache/2.4.6 (CentOS) PHP/5.6.8X-Powered-By: PHP/5.6.8Set-Cookie: PHPSESSIDuj212iooll7aibn6vj4uep59r5; path/Expires: Thu, 19 Nov 1981 08:52:00

!doctype html>html ng-appMainApp ng-cloak>   head>      meta charsetUTF-8>      meta http-equivcontent-type contenttext/html charsetutf-8 />      meta nameformat-detection contenttelephoneno />      link relicon hrefhttps://static.buydomains.com//browser/img/favicon.ico?version201905141 />      meta namegoogle-site-verification contentIZp-K2-pPcHKrOL73Q_Z31v3VmyWSjs9Q9UDaVif5kw />      link relcanonical hrefhttps://www.buydomains.com/ />      link relog:url hrefhttps://www.buydomains.com/ />      meta name  viewport content  initial-scale  1.0 />      meta namedescription contentBuying domain names has never been easier! Its quick and easy to search all of the domain names. Your business starts here - start your domain name search today! />      meta namekeywords contentpremium domain, buy domain />      meta propertyog:locale contenten_US />      meta propertyog:title contentBuy Domains - Find a Premium Domain & Open Your Doors, BuyDomains.com />      meta propertyog:description contentBuying domain names has never been easier! Its quick and easy to search all of the domain names. Your business starts here - start your domain name search today! />      meta propertyog:site_name contentBuyDomains.com />      meta propertyog:image contenthttps://www.buydomains.com/browser/img/logo-header.png />      meta propertyog:type contentwebsite />            meta http-equiv“X-UA-Compatible” content“IEedge” />      title>Buy Domains - Find a Premium Domain & Open Your Doors, BuyDomains.com/title>      script>        // log version currently deployed        function logDeployedVersion() {          var xhttp  new XMLHttpRequest();          xhttp.onreadystatechange  function() {            if (this.readyState  4 && this.status  200) console.log(this.responseText);          };          xhttp.open(GET, /version.html, true);          xhttp.send();        }      /script>      script typetext/javascript>                     var customGATracking  {adRemarket: function(prodid, productpage, totalvalue) {},eventTrack: function(c

Subdomains

Date	Domain	IP
CUSTOMER2.BUYDOMAINS.COM	2025-12-07	52.20.26.87
NS2.BUYDOMAINS.COM	2015-04-19	66.151.181.57
static.buydomains.com	2015-03-16	54.230.6.148

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > www.buydomains.com

Is this malicious?

Files that talk to www.buydomains.com

Whois

DNS Resolutions

Port 443

Subdomains