URLhaus Database

You are currently viewing the URLhaus database entry for http://43.139.50.42/02.08.2022.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3759757
URL: http://43.139.50.42/02.08.2022.exe
URL Status:flame Online (spreading malware for 5 months, 29 days, 17 hours, 8 minutes)
Host: 43.139.50.42
Date added:2026-01-18 12:33:06 UTC
Threat:Malware download Malware download
Reporter: DaveLikesMalwre
Abuse complaint sent (?): Yes (2026-01-18 12:34:11 UTC to abuse{at}tencent[dot]com,abuse{at}qq[dot]com,jsquare{at}tencent[dot]com,dreamsruan{at}tencent[dot]com,noc{at}tencent[dot]com,ipas{at}cnnic[dot]cn)
Tags:censys CobaltStrike link

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-06-2502.08.2022.exeunknown 0c69b20326551f0b6fc0905fb529f5d02a74dfe45de155436e934cf2251312d6n/a 
2026-01-1802.08.2022.exeunknown 8d7617d5fe43f1762665148412e9d4efd6eadff85aceae9bd7e889dfccc51c40n/a 
2026-01-1802.08.2022.exeunknown 528d176970de2b6eb4bb2e70bdb368b41e81ad965cf485685f7ba657140c4b0en/a