URLhaus Database

You are currently viewing the URLhaus database entry for http://47.104.173.216:9876/GGWS_UPLOAD.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2865442
URL: http://47.104.173.216:9876/GGWS_UPLOAD.exe
URL Status: Online (spreading malware for 2 years, 0 months, 10 days, 3 hours, 54 minutes)
Host: 47.104.173.216
Date added: 2024-05-27 10:13:08 UTC
Threat: Malware download
Reporter: zbetcheckin
Abuse complaint sent: Yes (2024-05-27 10:14:10 UTC to anti-spam{at}list[dot]alibaba-inc[dot]com, abuse{at}12321[dot]cn, abuse{at}alibaba-inc[dot]com)
Tags: 32 exe RedLineStealer SnakeKeylogger

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
