URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.209/inc/clcs.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3338107
URL:	http://185.215.113.209/inc/clcs.exe
URL Status:	Offline
Host:	185.215.113.209
Date added:	2024-12-09 08:17:19 UTC
Last online:	2025-04-28 13:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-12-09 08:18:12 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:	4 months, 20 days, 5 hours, 33 minutes (down since 2025-04-28 13:51:12 UTC)
Tags:	185.215.113.16 cryptbot

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-02-27	n/a	exe	ce0dc72d9551f3bc45580d793fb03b97dc90477ca0586876bf4ee2ccbf02f0a5	n/a	CryptBot
2025-02-17	n/a	exe	63b83059f202f29ca0993c16399c4af869838df8a2ce5e4046e21be10303e9c1	n/a
2025-01-25	n/a	exe	220e7c641b0c84bcbccfe30ae270cee3d54403197f8701d3e0cc2d4638b5cc82	n/a
2025-01-20	n/a	exe	fe86751d8344ab6fe12272f5e893b97de4bd249165b0e66c3667941c9b533a00	n/a
2025-01-07	n/a	exe	c339fb5f251c64aee8f37134d7026194dbf48b6ce8ef2a5c23234c41b43e712d	n/a	CryptBot
2024-12-09	n/a	exe	29036a1125ac5f5b8a4bfb794fa965efd1f5e24853db3fa901b17d96ba901ca8	77.78%	CryptBot