URLhaus Database

You are currently viewing the URLhaus database entry for http://208.67.105.179/killdemzx.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2447266
URL:	http://208.67.105.179/killdemzx.exe
URL Status:	Offline
Host:	208.67.105.179
Date added:	2022-12-06 07:26:03 UTC
Last online:	2023-01-19 16:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2022-12-06 07:27:04 UTC to abuse{at}serverion[dot]com)
Takedown time:	1 month, 14 days, 9 hours, 16 minutes (down since 2023-01-19 16:43:48 UTC)
Tags:	AgentTesla exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-12-10	n/a	exe	9a47130a1c6261043e0388cb920260c0514377ac5ad2d56aa7c579c06946f689	21.05%	AgentTesla
2022-12-09	n/a	exe	d5b1e18d554082aca046f9795f7de36aa1c7109871c5c9cb637d223396afb000	n/a	AgentTesla
2022-12-08	n/a	exe	626b38eceda55688275aec055e69b4cfbf2853b6e3d32e7ad0dfee6f1873fc02	n/a	AgentTesla
2022-12-08	n/a	exe	00f867b86b9a1ba73837e87dbd2e02a73f90f46b0827efdbf5f563312e530868	n/a	AgentTesla
2022-12-06	n/a	exe	b02d61086cfa6f876e71f4eb2ba5bae874887cf3ef87c339cc634151a388f679	n/a	AgentTesla
2022-12-06	n/a	exe	3f08f63c3f336f3823c710a40e674421bbc6316e0088e0989d1ac06085bc5b62	n/a	AgentTesla