URLhaus Database

You are currently viewing the URLhaus database entry for http://192.3.22.40/Godly/doc.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	969999
URL:	http://192.3.22.40/Godly/doc.exe
URL Status:	Offline
Host:	192.3.22.40
Date added:	2021-01-18 09:55:07 UTC
Last online:	2021-01-19 13:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2021-01-18 09:56:02 UTC to abuse{at}colocrossing[dot]com)
Takedown time:	1 day, 3 hours, 5 minutes (down since 2021-01-19 13:01:08 UTC)
Tags:	AgentTesla exe opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-01-19	n/a	exe	eda77a2a6a764257be0cc3de5d0d316cf149e28912804bda421607d6c8657f4a	n/a	AgentTesla
2021-01-18	n/a	exe	1aee0ad95d98707311be075ed1ca7e01b294c561c0248eda525f476c5a90ed82	n/a	AgentTesla
2021-01-18	n/a	exe	e89ccb74c57a4bd8ae32b247688abb9ce7f600704ff3b9fea788a717f3af61ac	n/a	AgentTesla
2021-01-18	n/a	exe	a90a76baa627c920147d32f42d72199eb9cf32091dff86cc3c387c0f7718ec58	n/a	AgentTesla
2021-01-18	n/a	exe	59ec533d85ccdbb4984fbe0589d761649d12789b05fa0f1a77eb1b945152e01a	16.90%	AgentTesla