URLhaus Database

You are currently viewing the URLhaus database entry for https://firebasestorage.googleapis.com/v0/b/remcos-aa2a0.firebasestorage.app/o/txt%2F61616161.txt?alt=media&token=bc0c56e0-3b8f-423f-b0e5-1d5d9a7d027b which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3713487
URL:	https://firebasestorage.googleapis.com/v0/b/remcos-aa2a0.firebasestorage.app/o/txt%2F61616161.txt?alt=media&token=bc0c56e0-3b8f-423f-b0e5-1d5d9a7d027b
URL Status:	Online (spreading malware for 10 days, 12 hours, 57 minutes)
Host:	firebasestorage.googleapis.com
Date added:	2025-11-21 12:51:10 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-11-22 07:03:14 UTC to network-abuse{at}google[dot]com)
Tags:	AsyncRAT rat rev-base64-loader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-11-21	txt%2F61616161.txt	txt	e109c60aa6f1d1dafad5cc0c2cd6efb9f03f5e4c93d90e825a86767618511507	n/a