URLhaus Database

You are currently viewing the URLhaus database entry for http://87.227.140.66:9999/AV.scr which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3665805
URL: http://87.227.140.66:9999/AV.scr
URL Status:flame Online (spreading malware for 7 months, 21 days, 1 hours, 58 minutes)
Host: 87.227.140.66
Date added:2025-10-09 05:56:39 UTC
Threat:Malware download Malware download
Reporter: Riordz
Abuse complaint sent (?): Yes (2025-10-09 05:57:18 UTC to RIPE[dot]Abuse{at}a1[dot]bg)
Tags:CoinMiner

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-05-26AV.screxe 1fed143e0f95ce0e7e6070d89745c74b6a086df0387a2e091720be20a27774b4n/a CoinMiner
2026-04-14AV.screxe 16be23e013ec85889740b50ab2138c57f88d276175514f1ebfa2ef4094d4281en/a CoinMiner
2026-04-01AV.screxe f2442237cbf0901fdc132c8fa4094ba9dfd80666f533f80da5779ba031b2a3e0n/a CoinMiner
2026-03-10AV.screxe 4cc24affee20c2a96fbb384407cbb1e540df4bf3277020ef27f301bdd452abf0n/a CoinMiner
2026-01-31AV.screxe 4b5349ba4a037c3d3a174365d127d776b6230d2a36d6f58b72580d1acd4e29cdn/a CoinMiner
2026-01-29AV.screxe a63dfdf89bfdf0c333b9338d4f22ad9bd08e2f0ddaa386ae5ea65f33c777f824n/a CoinMiner
2026-01-07AV.screxe d9d87a76b63c19e99912f3e82ca50c2b72ffc9769bc34ee402114fb8ed5a5223n/a CoinMiner
2026-01-07AV.screxe c9bd723f0647dd80cf043a45d034511c04fb64cc0e752cbe957743e378d2d079n/a CoinMiner
2026-01-03AV.screxe 5dc18ef366db34dcd717cf919af62209688b058154a5b6badbee8447c419fbc3n/a CoinMiner
2025-12-21AV.screxe f1cb08acf68dbdd471bbdfe6d7b96724fd7a3097b0719203b8e7b34b66a9a5b4n/a CoinMiner
2025-12-17AV.screxe 02c19dac7ee6f966c0cc731d148d128d8ab6a58c58d1c8d822b4577fd0b0b9f3n/a CoinMiner
2025-12-14AV.screxe db1384877abfc087b03948ccd5d0710585bd1970cb39391ef5bd0116ae72fddbn/a CoinMiner
2025-11-30AV.screxe 56b3a0666f3d2a0c43fabcfe420e9795c9fc5220ae873b8aec7e57c6aa722d6an/a CoinMiner
2025-11-23AV.screxe 7a1ac2863921fe0d9c3a66fb7dcddecb39c1b090f3ea40fec424b635560f820fn/a CoinMiner
2025-11-23AV.screxe 523a01073bcb0ffe666f18e5469c291908015ef103d1b7cc5519624d95b9fc1cn/a CoinMiner
2025-11-23AV.screxe 5d1f2161bc640d365a71ad0337eb64c18b9c1608da07c68fc61d6761638a4c48Virustotal results 2.78% 
2025-11-22AV.screxe 945ec8c794a455eeac52c98a63d18d4d34262793e7518609c143389e87653e6fVirustotal results 2.78% 
2025-11-22AV.screxe a482c1ee328da5b790e136b5b97fb00c8faba79e84851fb94eb228ff2d54a5e3n/a CoinMiner
2025-11-18AV.screxe 74faeb14a06ca192a123542af2d8d2804e636357d0c822dfe081f2e5dc82863fn/a CoinMiner
2025-11-13AV.screxe 9c7686bb4a35129165e008784439fb298abecaa8b7c1d6e486de1c65cb34415bn/a CoinMiner
2025-11-08AV.screxe 1153f599d8aa1c8bedd8c493bd9ba84b7f467e5d4038a01361f66b1eb97a3325n/a CoinMiner
2025-10-26AV.screxe 7bf82f5f6677e92ad99bed26ecdd6024d23f20635f2d854a45a89415be025c2bn/a CoinMiner
2025-10-09AV.screxe 5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fcaVirustotal results 81.69%CoinMiner