URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.209/inc/ji2xlo1f.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3338130
URL:	http://185.215.113.209/inc/ji2xlo1f.exe
URL Status:	Offline
Host:	185.215.113.209
Date added:	2024-12-09 08:18:13 UTC
Last online:	2025-04-18 12:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-12-09 08:19:13 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:	4 months, 10 days, 4 hours, 17 minutes (down since 2025-04-18 12:36:59 UTC)
Tags:	185.215.113.16 LummaStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-03-14	n/a	exe	9dd9acc752a295199bf1f8f267409169600ac6934fde7179139dd4509b9dc4ef	n/a
2025-02-17	n/a	exe	a73b18123363645d3d848e464f222eacb499a2119ab0561ecd9370bc5c016c54	n/a
2025-01-28	n/a	exe	e880be1b95c2b498dddfecd6b977bffc074f24e676fde586b15db529d6bbe3f4	n/a
2025-01-26	n/a	exe	c545725885c9997b798265bf8a5fda87b47e1a0399d29b938b39f1bf87e261da	n/a
2025-01-25	n/a	exe	c454300adcabe12c6513b3024715160049cb6155f2cd9fa72d359d5545774546	n/a
2024-12-09	n/a	exe	cd4061786081eb01aa278dfff5adca5a80d827e456719e40d06f3dc9353bed22	46.48%	LummaStealer