URLhaus Database

You are currently viewing the URLhaus database entry for http://212.70.149.164:8080/Photo.scr which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2911144
URL:	http://212.70.149.164:8080/Photo.scr
URL Status:	Offline
Host:	212.70.149.164
Date added:	2024-06-28 14:46:01 UTC
Last online:	2024-07-17 22:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2024-06-28 14:46:40 UTC to abuse{at}4media[dot]bg)
Takedown time:	19 days, 7 hours, 52 minutes (down since 2024-07-17 22:39:32 UTC)
Tags:	CoinMiner exe iframe Photo.scr scr

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-07-11	n/a	exe	807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d	94.59%	CoinMiner
2024-07-08	n/a	exe	d18f87c4b237ee2fe8cd55a09036a74de1234304072e0ae718b756ae8bb28e47	5.48%
2024-07-08	n/a	exe	ed1fc151e5f0837ea7710c1b370968b5ad7197e46a5040992a79bd8cfc2cf9f9	61.76%	CoinMiner
2024-07-07	n/a	exe	92ed844e765bb135ad0511d43529f8d6df3519f64eea74d4313a5d40494c43b0	n/a	CoinMiner
2024-07-07	n/a	exe	e19f3a1bfdef9fd9aac8158ae05d35fbbcca7bc2574f3fc0c789d8d04b274f55	11.43%
2024-06-28	n/a	exe	af94ddf7c35b9d9f016a5a4b232b43e071d59c6beb1560ba76df20df7b49ca4c	81.08%	CoinMiner