URLhaus Database

You are currently viewing the URLhaus database entry for https://147.45.44.104/yuop/66afa0d3934d8_ultfix.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3101401
URL:	https://147.45.44.104/yuop/66afa0d3934d8_ultfix.exe
URL Status:	Offline
Host:	147.45.44.104
Date added:	2024-08-11 09:50:01 UTC
Last online:	2024-10-22 17:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-08-11 09:50:11 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time:	2 months, 12 days, 7 hours, 26 minutes (down since 2024-10-22 17:16:11 UTC)
Tags:	exe GoInjector RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-14	n/a	exe	bf4f608b63f631af1e8e841170e440d42517bad8318e8654a9a108f49f6dd6b0	n/a	GoInjector
2024-10-09	n/a	exe	e77d1fc130d3ab36b58c0c9a50b206a101b1039fd1e8a7e3d781630810cbe044	n/a
2024-10-05	n/a	exe	ec754e3fde515d50c4b2544588f82d46f669d8a629b0c497bf2af627a6d2faf9	n/a
2024-10-01	n/a	exe	fcdcde603b8b94aa5c78c5a429f94abf4bf962a3964af62ae1393f20dd2ee78b	n/a
2024-08-12	n/a	exe	5cd25768054f48ebc2d8aafb4973f638dd2dceb38362d681e8fed739121b140a	n/a
2024-08-11	n/a	exe	a0906077d04dbccf4fdcaa15f49f5d214bfdb2baf845126d44ff638f620681bf	41.33%	RedLineStealer