URLhaus Database

You are currently viewing the URLhaus database entry for http://194.116.215.195/12dsvc.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3189155
URL:	http://194.116.215.195/12dsvc.exe
URL Status:	Offline
Host:	194.116.215.195
Date added:	2024-09-24 11:12:05 UTC
Last online:	2024-10-03 22:XX:XX UTC
Threat:	Malware download
Reporter:	vxvault
Abuse complaint sent (?):	Yes (2024-09-24 11:13:06 UTC to abuse{at}cloudbackbone[dot]net)
Takedown time:	9 days, 11 hours, 7 minutes (down since 2024-10-03 22:20:55 UTC)
Tags:	exe RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-02	n/a	exe	54cbc05805ba8d90a35ee888c4676f3abb19375be756ebe841a5db5908e9f80d	n/a
2024-10-01	n/a	exe	c94f21254373c228e200a85422f611768978e785385d2802883cb1b75a0b31b0	n/a
2024-09-30	n/a	exe	cd85e3ca4693263c5bcda5e1dbc7d9abfb8def02891cb1ec37809d122b55b5b6	n/a
2024-09-27	n/a	exe	799d10acbb0e2886c4d32c771964f4c2cb47f93c817cdc26a9acaefa3ba042cb	58.90%	RedLineStealer
2024-09-25	n/a	exe	7d6e4e01c452dd502361640ee095e2bee35e3f55fd11edc9e94c3580d2c132b5	n/a	RedLineStealer
2024-09-24	n/a	exe	c0f8b5afad6fab4136affd308519c36e3779d597413d00e79e7f939bd7bae782	65.28%	RedLineStealer