URLhaus Database

You are currently viewing the URLhaus database entry for http://lawfirm.paperbirdtech.com/wash.php which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:1602778
URL: http://lawfirm.paperbirdtech.com/wash.php
URL Status:flame Online (spreading malware for 4 years, 9 months, 12 days, 1 hours, 12 minutes)
Host: lawfirm.paperbirdtech.com
Date added:2021-09-08 15:06:04 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Not blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2026-04-09 13:47:11 UTC to abuse{at}ipxo[dot]com,report{at}abuseradar[dot]com)
Tags:doc hancitor link html

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-05-27wash.phphtml 461e26718029aa65fd50fd748da492930e717ac5871586d9041534382b7af94cn/a 
2026-05-22wash.phphtml 9717a8f5c0bcd008e9431e92528c2b56d7c8ab53b6552bb3145a16b2d6b9fb4an/a 
2026-05-18wash.phphtml 81676931fac9e6b29eb2f74bd4f361459ff31c388937d844e94134274bd8cec3n/a 
2026-05-15wash.phphtml 8b183c6680735a6f66f81b537df2b11c714dcbc4fb24a579760dbe91fa98ed1an/a 
2026-05-12wash.phphtml 251fd86a516977106cf305e68c8104eeb836c52567d0a5708d21166873b956dcn/a 
2026-05-11wash.phphtml 63488d84c7fd3337354c6a42fd21edf7b4263c6fab3d1f92fb8d91a974c1f3fan/a 
2026-04-09wash.phphtml 62e1afaa0557c0e9db644b8f5aee18738559785d365a0e091af06bd5705918a8n/a