URLhaus Database

You are currently viewing the URLhaus database entry for http://194.169.175.138:3004/file.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2686296
URL:	http://194.169.175.138:3004/file.exe
URL Status:	Offline
Host:	194.169.175.138
Date added:	2023-07-20 07:07:05 UTC
Last online:	2023-08-15 07:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2023-07-20 07:08:05 UTC to netops{at}211760[dot]net)
Takedown time:	26 days, 0 hours, 8 minutes (down since 2023-08-15 07:16:07 UTC)
Tags:	exe RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-07-20	file.exe	exe	f4fed6410af40a0441fd09c9f8d2b203938d46b8ae18dd75f6ea78ac9f675a2b	n/a	RedLineStealer
2023-07-20	file.exe	exe	b1ef8e8fc35cc8f9646a29e93322ce23de31a21825ef867ba9bf903a203d5efa	40.00%	RedLineStealer
2023-07-20	file.exe	exe	7c1f977a3b607dab39ee80ccef392929f038c69d75730e3881011b292c518710	54.93%	RedLineStealer
2023-07-20	file.exe	exe	69a41b421b0a89e91a5bda32b1d8ab7067cfa1d484134733f5a2b6355ed9025b	48.57%	RedLineStealer
2023-07-20	file.exe	exe	a080fb72f5167c76a0076864e959058168d7fdf22699e51b865adc0688eebac9	n/a	RedLineStealer