URLhaus Database

You are currently viewing the URLhaus database entry for http://91.92.240.104/IEYKxpnUH9R9m17.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3631849
URL:	http://91.92.240.104/IEYKxpnUH9R9m17.exe
URL Status:	Online (spreading malware for 1 month, 26 days, 8 hours, 4 minutes)
Host:	91.92.240.104
Date added:	2025-09-25 14:49:08 UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-09-25 14:50:14 UTC to abuse{at}metaspinner[dot]net)
Tags:	exe MassLogger

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-10-01	IEYKxpnUH9R9m17.exe	exe	cbbec8fcc0e23e23bcdce82ab97533c7b49f0bcac924cf254a2a8d02b9594ac5	n/a		MassLogger
2025-09-30	IEYKxpnUH9R9m17.exe	exe	6c83a9184b6211c78f327049671f8e577019c1a8c4302877c9f7cbf526f19847	52.11%		MassLogger
2025-09-29	IEYKxpnUH9R9m17.exe	exe	cf38cbbec69960f5e13dea99b14f887f427737cf32f5ab2259a9c5ff20680614	41.67%		MassLogger
2025-09-29	IEYKxpnUH9R9m17.exe	exe	818e87f260550fb8333e48a70d5ffdbf0a22b766d4eeac974f30db64aa617584	n/a		MassLogger
2025-09-25	IEYKxpnUH9R9m17.exe	exe	8f69a8e1be4f5d02c3600b4e41d3f70a60ac7e0d9c7f25b6268f657917c4b749	30.56%		MassLogger
2025-09-25	IEYKxpnUH9R9m17.exe	exe	29bbc49417bb4f1158a5da342b4cec8b01a1efc8736e63116bb62f35199011fa	50.00%		MassLogger