URLhaus Database

You are currently viewing the URLhaus database entry for http://92.63.197.60/r.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	16890
URL:	http://92.63.197.60/r.exe
URL Status:	Offline
Host:	92.63.197.60
Date added:	2018-06-08 15:20:05 UTC
Last online:	2019-09-03 15:XX:XX UTC
Threat:	Malware download
Reporter:	JayTHL
Abuse complaint sent (?):	Yes (2018-06-17 06:16:38 UTC to hvfopserver{at}protonmail[dot]com)
Tags:	cutwail IRCbot phorpiex Ransomware.GandCrab

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2019-08-29	n/a	exe	d12100599ef8bf6d65b49159a00713e7e147d19d387af087e7313fa3a5ef473b	17.91%
2019-08-26	n/a	exe	eee23a8f3e0b0cb2929057cb468f17297c7b46b1fc5c357e17b56ee6a605121b	n/a	Phorpiex
2019-08-25	n/a	exe	d746e41e18bb637062881aca207186dc3d005e79c857e025f89ce2a1b3e52ecf	38.57%	Phorpiex
2019-07-17	n/a	exe	64d187bed40d023e14d41b1a80d528f5c12dcf743fcb4de91530567d3244e09e	12.86%
2019-07-09	n/a	exe	9dbbb31e9df0c42d83a0fa7b610a9438dc3d727d8dd7eaa81418df25f87d5981	n/a
2019-07-07	n/a	exe	9e38c7f093d4f02631406ca00ed549386e794bf7bc0c53e6147b1cbaf10c8a69	n/a
2019-07-05	n/a	exe	48393fed57d7c4309373e400080449afa794f665f1a573ab26cfb316de4cef80	30.56%
2019-07-02	n/a	exe	b1650c6085710bd89fdec14ce9a1a5f52d7199ab98671d994181b1e7116a0a86	n/a
2019-07-01	n/a	exe	7f9af5447e0da4702f9fefab0bb095b1323813c657c7387e74dcc0774f691349	29.17%
2018-11-13	n/a	exe	7afb56dd48565c3c9804f683c80ef47e5333f847f2d3211ec11ed13ad36061e1	1.52%
2018-08-31	n/a	exe	c73c9e2ba1a42e4183d445696ba84908919e7d1cd6ba3f61e59e4837dc58a35f	42.65%
2018-08-29	n/a	exe	cdef6a57b2916a39e89c01b9e2798c70a286cc114fe32f27864289fc6db26ba8	44.78%
2018-07-11	n/a	exe	d739c50e4e0abae20442f9d397129b0ce4563338dc163a6b935b77f4a720ef29	n/a
2018-07-10	n/a	exe	2c6b23e7ee5c333ab885cc33829ea166eb09b70fae35a685a0e0f08a0622ed01	n/a
2018-07-04	n/a	exe	a771a51473ab688e632ba4e6717f3fc7d687e75fa8fb9a263dca1cbe391631e0	26.98%	Cutwail
2018-07-02	n/a	exe	aab61f5aeea9642d2886261ef10893e261383c425c31c29728f5486c518c6bef	31.25%	IRCbot
2018-06-30	n/a	exe	570d788a4f7c80274c2d1e00a4bfab2b93ac5ba713b052cab83dac6a8cc62ed5	n/a	Ransomware.GandCrab
2018-06-28	n/a	exe	c8c3a21f016eee6d35ac8049397bf5e99330188185df53324554c6d3354c768e	n/a	IRCbot
2018-06-27	n/a	exe	438930af834953d232ded6a0e15b35593b6659431122dd045f02eb4ed661cfa4	n/a	IRCbot
2018-06-23	n/a	exe	37aa13626192b5ec81899eb6ac4b6ad5c80666881beb29199d45ea7525d3fce9	30.30%
2018-06-22	n/a	exe	a34845bc8c0c5e01c6d60201345afb935c65557c99a20a7d4952cc40c3204d4e	22.39%
2018-06-21	n/a	exe	ad8afd8cb598cee881ab45cadad294fd370ef9ad2a1a806c9e932f2107f5c31d	n/a	IRCbot
2018-06-17	n/a	exe	80fe3d31328dec0be3b8fc5142e6caf7538bad4730cd921ba7e3cf2eea2fdbcd	43.94%	IRCbot