URLhaus Database

You are currently viewing the URLhaus database entry for http://136.144.41.201/WW/file9.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1424948
URL:	http://136.144.41.201/WW/file9.exe
URL Status:	Offline
Host:	136.144.41.201
Date added:	2021-07-04 07:10:04 UTC
Last online:	2021-07-08 17:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2021-07-04 07:11:03 UTC to abuse{at}serverion[dot]com)
Takedown time:	4 days, 10 hours, 17 minutes (down since 2021-07-08 17:28:34 UTC)
Tags:	exe RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-07-08	n/a	exe	31884b5e1742ddd5af98edb0e0a5aee9cab93d9e59727dbb2cc51425867ee1ef	n/a	RedLineStealer
2021-07-07	n/a	exe	114858da0fd1b5ea7a2d05d6dbd8d6d752926a4bc912a297d97b5776746a31bc	n/a	RedLineStealer
2021-07-07	n/a	exe	9cda98989c3b49da5566c23722e52231ecf25934e12e81c09bc845312f6a86d9	41.18%	RedLineStealer
2021-07-07	n/a	exe	d22d7ec3a9db9edb88cd373986a8aee46fc90bcb1339b147880301351d5ee522	35.71%	RedLineStealer
2021-07-04	n/a	exe	7a7a93ad2a1f4e1ba83569aac9ab84c1b52f8533b9b7e2fba2ab80d9c67265e5	n/a
2021-07-04	n/a	exe	1411297c8756bdee826443a8cf548b013117755071a9fa59c6422e769bdee065	63.77%	RedLineStealer