URLhaus Database

You are currently viewing the URLhaus database entry for http://103.93.252.167/web3.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	384151
URL:	http://103.93.252.167/web3.exe
URL Status:	Offline
Host:	103.93.252.167
Date added:	2020-06-08 19:37:30 UTC
Last online:	2020-06-13 14:XX:XX UTC
Threat:	Malware download
Reporter:	p5yb34m
Abuse complaint sent (?):	Yes (2020-06-08 19:38:02 UTC to abuse{at}beyotta[dot]net)
Takedown time:	4 days, 18 hours, 43 minutes (down since 2020-06-13 14:21:22 UTC)
Tags:	CoinMiner exe nitol

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-06-12	web3.exe	exe	4f5e5f38185cb40b5cb7a04c1aaa2f5aec69dfc23293658cf92f22fd747b27a5	n/a	Nitol
2020-06-11	web3.exe	exe	bea307fee4afeda590550fbc6adba01fdcd25320c3b4705dd85016c3c90e83e9	n/a	CoinMiner
2020-06-11	web3.exe	exe	a2f899626365237b9096fc6fbc8c0b66c700358f98d6530b6860c9a7ed40e8e0	n/a	Nitol
2020-06-10	web3.exe	exe	f17ba2066c3d93959204130e2dc4466cf109b7cd5f42f47d942dd6acffd3c05e	51.39%	Nitol
2020-06-08	web3.exe	exe	b1c7d1ea4c5e4547ca50cfb7a3f27fa667a8778a154bd49446b2cfc738827f60	55.71%	Nitol
2020-06-08	web3.exe	exe	6de1ce049ca1c37daf392751ee6d32e4f2dbc31cdfb18ac1c6449b0b89cc8f58	51.43%