URLhaus Database

You are currently viewing the URLhaus database entry for http://103.171.1.14/xata/fred.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2635588
URL:	http://103.171.1.14/xata/fred.exe
URL Status:	Offline
Host:	103.171.1.14
Date added:	2023-05-17 12:40:13 UTC
Last online:	2023-06-09 12:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2023-05-17 12:41:16 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	22 days, 23 hours, 34 minutes (down since 2023-06-09 12:15:34 UTC)
Tags:	exe Loki opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-05-29	n/a	exe	773138409fdfff166094dd720d55edb343a5ac859c6e61ffc880df4be163f65c	23.44%	Loki
2023-05-23	n/a	exe	f6f18795a315335a3dafb1a6b29b26ae849e5262e8094aee3bdd2e20da018a52	n/a	Loki
2023-05-22	n/a	exe	05b7aca6ab73f6af9d21b04f6f48cafb1c04394e929f76ab5f7a69071b3d6076	22.54%	Loki
2023-05-18	n/a	exe	d92380f84b9edde0fde90d9f6b5346980c2e66f55270ec08fdb0d74b0074aa5d	28.57%	Loki
2023-05-17	n/a	exe	5aa4e5f27db90a607fd574718308c861585f46b8577136f0dba2ea9390206764	46.48%	Loki