URLhaus Database

You are currently viewing the URLhaus database entry for http://192.227.132.46/chi1/chi1.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2379541
URL:	http://192.227.132.46/chi1/chi1.exe
URL Status:	Offline
Host:	192.227.132.46
Date added:	2022-10-20 13:34:04 UTC
Last online:	2022-10-26 15:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2022-10-20 13:35:12 UTC to abuse{at}colocrossing[dot]com)
Takedown time:	6 days, 2 hours, 2 minutes (down since 2022-10-26 15:37:33 UTC)
Tags:	exe Formbook Loki opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-10-26	n/a	exe	849d05c9798a3dbd1b304802741e08b9b108411cc8fe65a2c74d8e556123d59c	n/a	Loki
2022-10-24	n/a	exe	9460380ecaa71efc2b25dd19f0782e93380b5743ae4e2cfb218e40ca46cea7fc	n/a	Loki
2022-10-23	n/a	exe	8f814b069d8ff80f32a16eaf24d24c68d7840821d766152c8fad6d75affe82ab	27.78%	Loki
2022-10-20	n/a	exe	33afc6737c360e6f5cb75e8bc630f14367730b0769231abc42aec3b174f7df24	33.80%	Loki
2022-10-20	n/a	exe	bc0ad70445c69b4112579f7a99cab22bc3bab986a0bb80602394722449bb1b93	53.52%	Formbook