URLhaus Database

You are currently viewing the URLhaus database entry for http://163.123.143.4/download/WW2.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2536631
URL:	http://163.123.143.4/download/WW2.exe
URL Status:	Offline
Host:	163.123.143.4
Date added:	2023-02-11 04:40:35 UTC
Last online:	2023-09-04 06:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-02-11 07:56:10 UTC to abuse{at}serverion[dot]com)
Takedown time:	6 months, 24 days, 22 hours, 25 minutes (down since 2023-09-04 06:21:23 UTC)
Tags:	32 exe PrivateLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-07-24	n/a	exe	901bb2af39f52f86d0173bf737610ff2edfabe7f5a1c406d35ff016f66b115a8	n/a	PrivateLoader
2023-07-14	n/a	exe	eedff513f456a5ad4de8d8ef5fb4f45c4d6d2a5ef930c1f7d43c86e4bf100865	n/a
2023-05-26	n/a	exe	595daef1eccf4f144a39610006cf77e8ab32dabce45675ed48011a3a8e739558	n/a	PrivateLoader
2023-03-12	n/a	exe	549f00b759a2d18d2958ac46b06bc7b043a4eb6b8842c104abd966127aad63b5	n/a	PrivateLoader
2023-02-26	n/a	exe	eaa834cea1c9ab48aed587744f5e7ce33639e8c4d194704ffa4fb6a2889e5e3a	n/a	PrivateLoader
2023-02-11	n/a	exe	27c1ed01c767f504642801a7e7a7de8d87dbc87dee88fbc5f6adb99f069afde4	38.03%	PrivateLoader