URLhaus Database

You are currently viewing the URLhaus database entry for http://198.50.242.157/cfxre.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3519389
URL: http://198.50.242.157/cfxre.exe
URL Status: Online (spreading malware for 1 year, 1 month, 12 days, 18 hours, 47 minutes)
Host: 198.50.242.157
Date added: 2025-04-20 11:13:19 UTC
Threat: Malware download
Reporter: abus3reports
Abuse complaint sent: Yes (2025-04-20 12:55:35 UTC to abuse{at}ovh[dot]net)
Tags: 10pluspositivesinVT, Neshta

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
