URLhaus Database

You are currently viewing the URLhaus database entry for http://87.121.221.212/haitianzx.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2676845
URL:	http://87.121.221.212/haitianzx.exe
URL Status:	Offline
Host:	87.121.221.212
Date added:	2023-07-05 05:20:07 UTC
Last online:	2023-07-26 07:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-07-05 05:21:07 UTC to abuse{at}des[dot]capital)
Takedown time:	21 days, 2 hours, 12 minutes (down since 2023-07-26 07:33:56 UTC)
Tags:	32 AgentTesla exe RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-07-19	n/a	exe	02e527c67f5eecb35392b89732d8c992d6aef771991dae48650c6f5deb650e12	n/a	AgentTesla
2023-07-17	n/a	exe	c1490f906402779c57a802b6c3cec59f5e254083dd88d3e63affd39fe2ba4751	42.65%	RedLineStealer
2023-07-10	n/a	exe	da20cc9e32a444a25c56e29ec847555b9b7cb6c260cd16b05ba06b2db8c397c8	n/a	RedLineStealer
2023-07-06	n/a	exe	fada5d526d7f1518854f9fb1bada1dd5c586c21debebbbd3c2e2b9508dc1f378	n/a	RedLineStealer
2023-07-05	n/a	exe	7f83aa03a212d31cbf09dc4b72a9e3158d39e523e66668fa80cc2cb91e2c4c4b	n/a	RedLineStealer
2023-07-05	n/a	exe	e85d71d6d42b44112aa26403f13e61c7034764d1e6f790afec6e661fae697f4e	60.56%	RedLineStealer