URLhaus Database

You are currently viewing the URLhaus database entry for http://45.141.233.196/download.php?file=999.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3603930
URL: http://45.141.233.196/download.php?file=999.exe
URL Status:Offline
Host: 45.141.233.196
Date added:2025-08-15 06:43:20 UTC
Last online:2025-08-19 13:XX:XX UTC
Threat:Malware download Malware download
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-08-15 06:44:12 UTC to abuse{at}virtualine[dot]org)
Takedown time:4 days, 7 hours, 12 minutes Bad (down since 2025-08-19 13:56:54 UTC)
Tags:Amadey AsyncRAT link CoinMiner exe PureLogsStealer ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-08-19random.exeexe 65b8ad8462153cc12ae882c205fcb7908b1ced49beb79b171711db2917e35589n/aAmadey
2025-08-19random.exeexe 30ecbd8423c6743cf8ca96fa85c63566b73f3e214c7a21d553df35814129f936n/a Amadey
2025-08-19random.exeexe 634f38130e9aa2df80bdedc32e91c68fca95f476a7e35b4023ee1c096474721bn/a Amadey
2025-08-18random.exeexe 040659ddf3674b13d237db7b5b1aa7644e3beb51ba0787e9172e851d8baac6d6n/a Amadey
2025-08-18random.exeexe b3bfa1c76a8ce451b6e0464b8dfe458ecc40dd330421eff29d78f0defc3df6ddn/a Amadey
2025-08-18random.exeexe 2843daf4f8259a9db7d1a71420a2c5fb23054282ba51695af58c9f3fd81dcb23n/a Amadey
2025-08-18random.exeexe 0fa0492464aa19f03bb618f6ac9ca68048051d6548b100b0c2e67ce18e53112dn/a Amadey
2025-08-18random.exeexe 36b4e86126d71cc40ab0e2a0212be1c252e4037da6d29a815cd64264dec80751n/a Amadey
2025-08-17random.exeexe ddd506b5725b15b617836a6d62a1f0165c3a78998a75f84d633f55509f88f4b5n/aAmadey
2025-08-17random.exeexe 449173a7e2d1d4a518d096a910818becf33400cdcc17e0524620a549d72c6616n/a Amadey
2025-08-16random.exeexe 448f220ecf557ab0786e88ea782f27ee502bab89e71b19d621b7ea32f98a7cb5n/a CoinMiner
2025-08-16random.exeexe 0b7c29bcc978b42c88e39ed1605412aa01a1045cb960f2adf59ba8a054baa8cbn/a Amadey
2025-08-16random.exeexe e762afb682efd699dfe1cdcf888b131a6be7c52927bef436452331b5dca6032cn/a CoinMiner
2025-08-15random.exeexe a8f73ead89abad73aeb8436d7502842b269b3b05d3b088f2027c2f303aff3c5bn/a Amadey
2025-08-15random.exeexe b1851c4d74b07e581f90523edf9bc8de158cce55f7c8c19880e0f6b415a41d2an/aAsyncRAT
2025-08-15random.exeexe 9ca30875d5f440a1306384147d2301d028405024571d181fde4f52524f6bb4a0Virustotal results 59.72%PureLogsStealer