URLhaus Database

You are currently viewing the URLhaus database entry for http://gferhrolklm.top/bestof/gfersd.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 759776
URL: http://gferhrolklm.top/bestof/gfersd.exe
URL Status: Offline
Host: gferhrolklm.top
Date added: 2020-10-28 07:00:08 UTC
Last online: 2020-11-02 14:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: abuse_ch
Abuse complaint sent: Yes (2020-10-28 07:02:02 UTC to support-link[dot]ac{at}yandex[dot]com)
Takedown time: 5 days, 7 hours, 10 minutes Bad (down since 2020-11-02 14:12:38 UTC)
Tags: exe RedLineStealer link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

First seen | Filename | File Type | Payload (SHA256) | VT (Virustotal results) | Bazaar | Signature
2020-11-02 | n/a | exe | 9ea7a66f0c3dc13ddfc6f05d95049dd7f641053a380578a12013db9f72367f65 | 52.31% | | RedLineStealer
2020-10-29 | n/a | exe | bcd0816d97ffba1d11214540f3bf25344f835281fdd67edba638054527833222 | 31.43% | | RedLineStealer
2020-10-28 | n/a | exe | e956a58b3dfb4b71d0fddad3a02ffd5cc0c3413684b59e2f9f14fd3626250f1d | 36.23% | | RedLineStealer
2020-10-28 | n/a | exe | d1ff8fc9653175919374088eade3f15aaf022129f0e3d23669717416b7161c72 | n/a | | RedLineStealer