URLhaus Database

You are currently viewing the URLhaus database entry for http://185.246.220.183/ije/INV.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2520017
URL:	http://185.246.220.183/ije/INV.exe
URL Status:	Offline
Host:	185.246.220.183
Date added:	2023-01-27 15:06:10 UTC
Last online:	2023-02-17 23:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2023-01-27 15:07:06 UTC to abuse{at}des[dot]capital,abuse{at}serverion[dot]com)
Takedown time:	21 days, 8 hours, 29 minutes (down since 2023-02-17 23:36:29 UTC)
Tags:	exe Formbook

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-02-01	n/a	exe	2e559533511ab623c9f7a7b15990f32240d17796a901cd19f37ef2c93e5f7374	n/a	Formbook
2023-01-31	n/a	exe	6bc6ca3dfc2f605544d24bd9b675fbf8b49a90c591b3892b438ef494bb5f6cb9	n/a	Formbook
2023-01-31	n/a	exe	c3e63fb19596315605cf56504eff7eef01596f3ef814e8c2938e3f7830093664	n/a	Formbook
2023-01-30	n/a	exe	1a2a1e57a606e82fcb2e16a4b6acff6d4206c23bd33b6bcea2dd8e519f1cdb03	n/a	Formbook
2023-01-27	n/a	exe	d004812639335fc21774851e271241aaead5918a69f978e1aedb6b573b6cca1b	44.93%	Formbook