URLhaus Database

You are currently viewing the URLhaus database entry for http://193.233.132.167/cost/well.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2773974
URL:	http://193.233.132.167/cost/well.exe
URL Status:	Offline
Host:	193.233.132.167
Date added:	2024-03-02 04:41:07 UTC
Last online:	2024-04-07 14:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2024-03-02 04:42:05 UTC to abuse{at}sunhost[dot]ltd)
Takedown time:	1 month, 6 days, 9 hours, 34 minutes (down since 2024-04-07 14:16:45 UTC)
Tags:	32 exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT
2024-04-07	n/a	exe	8837b0ff08097fd14c90eb3453a28cdd83261603e640cd5affccdb1c7fb0ea85	34.72%
2024-04-07	n/a	exe	402589822f41ce29fea82d3ddfb8f9a8aa9e53630c74a124769b45b973eba287	n/a
2024-03-18	n/a	exe	0b4adae22515d9140f64c5ea98f213a240e7e5f10513f2877c86069236ff7b35	n/a
2024-03-14	n/a	exe	dc755421b2372b20cd445cabb028cf1fe178769f875a425cc67f8854d5bdb3e7	n/a
2024-03-05	n/a	exe	322242b7ca61d0f84162a8f2048647cb447382fd4a1498b14478efcdb9e579e5	n/a
2024-03-02	n/a	exe	c836900da8f2382e93e8dff89f3f57e2cc647782466935e138fc1233eb77ed09	54.17%