URLhaus Database

You are currently viewing the URLhaus database entry for http://213.209.150.18/plugmanff2.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3550872
URL: http://213.209.150.18/plugmanff2.exe
URL Status:Offline
Host: 213.209.150.18
Date added:2025-05-23 14:37:06 UTC
Last online:2025-09-15 15:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2025-05-23 14:38:08 UTC to abuse{at}virtualine[dot]org)
Takedown time:3 months, 25 days, 0 hours, 29 minutes Bad (down since 2025-09-15 15:07:34 UTC)
Tags:exe MassLogger link SnakeKeylogger link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-05-28plugmanff2.exeexe 85c1d25580d7983c850a596c8097a1d7263dfaf9d0366601136247e9245b1482n/a MassLogger
2025-05-28plugmanff2.exeexe bbc277796d5d2e3add69cf9aee0305552579d3fef9306cba2e354053a28ffd31n/a MassLogger
2025-05-27plugmanff2.exeexe eebc85f56e63bcdbd7218eef45c6978157b53db74c6613cc619c8f47afceafd2n/a MassLogger
2025-05-26plugmanff2.exeexe 497c2792310e885d23e17976421f1c28d2b86e18f1d5960acab469f3113abe99n/a MassLogger
2025-05-25plugmanff2.exeexe 2e395aacc10140e7071504f1159ab31b6d944d1f2ad2b47532613f0adec0f9een/a MassLogger
2025-05-23plugmanff2.exeexe 9c64dd1fef559822292b5f96a03f844f3ff86fc994f669c1127dbe734476c286n/a MassLogger
2025-05-23plugmanff2.exeexe 1691f2f380d7b31448ae41f01fd3021f22887dad2e233e5eeac24801cea795c1Virustotal results 31.94% SnakeKeylogger