URLhaus Database

You are currently viewing the URLhaus database entry for http://92.63.197.153/work/w.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry




ID:123666
URL: http://92.63.197.153/work/w.exe
URL Status:Offline
Host: 92.63.197.153
Date added:2019-02-13 17:18:02 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Unknown
SURBL:Not listed
Reporter:@de_aviation
Abuse complaint sent (?): Yes (2019-02-13 17:18:03 UTC to hvfopserver{at}protonmail[dot]com)
Takedown time:8 days, 9 hours, 19 minutes Bad
Tags:exe GandCrab link

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2019-02-20n/aexe 033308abdfd228e5f503c288eb402e4dfac1ef0f93e5e6dbd986628090832198Virustotal results 67.61%CoinMiner.XMRig
2019-02-19n/aexe 9f67f9e92315321a2407d7fdb745841eade53b7c6871bddb6f33f93f195b1773n/aRansomware.GandCrab
2019-02-16n/aexe a153c896e09b0bdba0a93b27e9e12024efe4176b2d0e2e1c2e617d0c8fc92ab1n/aRansomware.GandCrab
2019-02-16n/aexe 9d1fa083b50ec956891652342ee7a3a386f883690818e084b1fc43dfa2652844n/aCoinMiner.XMRig
2019-02-14n/aexe 561ab043142187c8ed2dfbd7db013ae3e96056d22ffced7b480cc28693c0410bn/aRansomware.GandCrab
2019-02-14n/aexe 437d4b617712ae3d6da043b481c4da60602f6f67dd4f3a2921ae2c823ad7b8fcn/aRansomware.GandCrab
2019-02-14n/aexe f4c4b156ea136f70e8cba8ed4d9bb15e4abbe46ac2b076fbc8c2c80e8315590cn/aRansomware.GandCrab
2019-02-13n/aexe 91d96e98d1613a6586270084a323c5295f14d2a3c020d038c2f23cee0c9fd30dVirustotal results 20.00%Ransomware.GandCrab