URLhaus Database

You are currently viewing the URLhaus database entry for http://141.136.0.251/images/linesloters.png which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1603276
URL:	http://141.136.0.251/images/linesloters.png
URL Status:	Offline
Host:	141.136.0.251
Date added:	2021-09-08 18:53:04 UTC
Last online:	2021-09-09 05:XX:XX UTC
Threat:	Malware download
Reporter:	ffforward
Abuse complaint sent (?):	Yes (2021-09-08 18:54:02 UTC to abuse{at}nano[dot]lv)
Takedown time:	11 hours, 4 minutes (down since 2021-09-09 05:58:48 UTC)
Tags:	exe png rob129 Trickbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-09-09	n/a	exe	953972e9d24d361f9131b717226139985aa94cff7418ab5742967e5583734ee5	n/a	TrickBot
2021-09-09	n/a	exe	448cc94164af5def069aa874d5c9ac5c5464a8a452ab98186067a451275cc46b	n/a	TrickBot
2021-09-09	n/a	exe	697677a79ab5e420fe78436c8a6585d164e7da0b3b2ba8270cc33065e9ae4463	n/a	TrickBot
2021-09-08	n/a	exe	00960ab2edd9a2ea30633ac5d7e9d3e03b4335ac4bb36d20cd526992c4232d13	n/a	TrickBot
2021-09-08	n/a	exe	f05bb268fcc1eb86fd916d5be6614be9776169d29cd6a2173408af8eb67ca476	n/a	TrickBot
2021-09-08	n/a	exe	4eddb6694900b6e9bb37c02a2fbe63ab8695c84345f5f6a823b618bf686ea165	n/a	TrickBot