URLhaus Database

You are currently viewing the URLhaus database entry for http://94.154.35.115/user_profiles_photo/cptchbuild.bin, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3739894
URL: http://94.154.35.115/user_profiles_photo/cptchbuild.bin
URL Status: Online (spreading malware for 2 months, 1 day, 17 hours, 4 minutes)
Host: 94.154.35.115
Date added: 2025-12-22 06:50:11 UTC
Threat: Malware download
Reporter: abuse_ch
Abuse complaint sent: Yes (2025-12-22 06:51:27 UTC to abuse{at}pitline[dot]net, abusep{at}kharkiv[dot]com)
Tags: BRAT, dropped-by-Stealc, LummaStealer, Stealc

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
