URLhaus Database

You are currently viewing the URLhaus database entry for http://149.50.129.58/rofl.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2684385
URL:	http://149.50.129.58/rofl.exe
URL Status:	Offline
Host:	149.50.129.58
Date added:	2023-07-17 09:29:06 UTC
Last online:	2023-07-29 10:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2023-07-17 09:30:14 UTC to abuse{at}cogentco[dot]com)
Takedown time:	12 days, 1 hours, 12 minutes (down since 2023-07-29 10:42:43 UTC)
Tags:	exe RedLineStealer Rhadamanthys

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-07-19	n/a	exe	cc47a755cad89d339a18d728e66aa2ff7caadff4af4adfd03ff55c86487fb1b9	33.80%
2023-07-18	n/a	exe	33111fe4f2495f2ee02a2fc527965ba3cf0fed3d0d299a4ad49e69a27af9a460	39.44%
2023-07-18	n/a	exe	0a6a8dd58b7fc1bb81ac528d097a15ca2b7d9698b58da338959d81f011370cce	n/a
2023-07-18	n/a	exe	89f9c9644347930f94f6a7b4da48a9bbb4e7b12fb859f7763b84b54c2784afa3	32.39%	RedLineStealer
2023-07-17	n/a	exe	686f9d8e29ba0fd3e4285ecd2f85716bea5be6c3b6571c955c9f6ea9274dc9cf	38.03%	Rhadamanthys