URLhaus Database

You are currently viewing the URLhaus database entry for http://171.22.28.226/download/Services.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2714990
URL:	http://171.22.28.226/download/Services.exe
URL Status:	Offline
Host:	171.22.28.226
Date added:	2023-09-29 08:52:06 UTC
Last online:	2023-11-06 12:XX:XX UTC
Threat:	Malware download
Reporter:	andretavare5
Abuse complaint sent (?):	Yes (2023-09-29 08:53:04 UTC to matrixllp{at}skiff[dot]com)
Takedown time:	1 month, 8 days, 3 hours, 19 minutes (down since 2023-11-06 12:12:25 UTC)
Tags:	dropped-by-PrivateLoader PrivateLoader RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-11-02	n/a	exe	c6185a23c51b8ac77e6c1bdf2cd4a8d39b02af8b8027d4162cf9766d19cf87c8	23.61%	PrivateLoader
2023-10-29	n/a	exe	7caaf81df0b6ddb32e5d0478ba9502d7b3c3f426f21acb887c328cbd1727c02a	n/a	PrivateLoader
2023-09-29	n/a	exe	2157d146a890d32c5ba49f31fa1840e5b0d56e4dd0bbf5f8b14cc4e482a47bef	25.35%	PrivateLoader
2023-09-29	n/a	exe	20b9457fbd3b81996eb9283d1eea3b6da2cf2045a2b7c872540edece5bb3b0e6	80.56%	RedLineStealer