URLhaus Database

You are currently viewing the URLhaus database entry for http://skincrawling.top/bestof/gfers.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 902874
URL: http://skincrawling.top/bestof/gfers.exe
URL Status: Offline
Host: skincrawling.top
Date added: 2020-12-09 18:58:04 UTC
Last online: 2020-12-15 21:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: abuse_ch
Abuse complaint sent: Yes (2020-12-11 09:22:24 UTC to anti-spam{at}list[dot]alibaba-inc[dot]com)
Takedown time: 4 days, 12 hours, 33 minutes, Bad (down since 2020-12-15 21:55:51 UTC)
Tags: exe RedLineStealer link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

First seen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature
2020-12-15 | n/a | exe | 7ad68e446a975c986f5b7eee1d08a588b40cb5ef301d0e689d92fc3446d7b0fb | n/a |  | RedLineStealer
2020-12-14 | n/a | exe | c7548d44039ef4712cd3161d51f4d235f7b04fac22234cfcc602a895e87d23f7 | n/a |  | RedLineStealer
2020-12-13 | n/a | exe | 807ba89d095a8f641a35ed199f2a72404b61000f5d08764ee9f4b24cbc47623b | Virustotal results 22.86% |  | RedLineStealer
2020-12-11 | n/a | exe | f5cdc7b8d5cd7b9f4ca29e9c229365400a6b74101f4490e940a89f52d9b4d47a | Virustotal results 42.86% |  | RedLineStealer