URLhaus Database

You are currently viewing the URLhaus database entry for http://120.26.166.249:8080/02.08.2022.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3319641
URL: http://120.26.166.249:8080/02.08.2022.exe
URL Status:flame Online (spreading malware for 1 year, 7 month, 20 days, 0 hours, 34 minutes)
Host: 120.26.166.249
Date added:2024-12-04 12:05:25 UTC
Threat:Malware download Malware download
Reporter: abus3reports
Abuse complaint sent (?): Yes (2024-12-04 12:06:25 UTC to anti-spam{at}list[dot]alibaba-inc[dot]com,abuse{at}12321[dot]cn,abuse{at}alibaba-inc[dot]com)
Tags:CobaltStrike link shellcode

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-07-1102.08.2022.exejson f6c3ff4eb732bce920840abe0c9ab582d1129ec5df46820ca5691bda41445b4en/a 
2024-12-04n/aunknown 518be04a5e8f917eb4f06c6b5ea3f0c464ae66e45c1ff46f169652a13c6a6f80n/a