URLhaus Database

You are currently viewing the URLhaus database entry for https://forms.saurashtrauniversity.edu/belt.php which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2008131
URL: https://forms.saurashtrauniversity.edu/belt.php
URL Status:flame Online (spreading malware for 4 years, 4 months, 22 days, 11 hours, 18 minutes)
Host: forms.saurashtrauniversity.edu
Date added:2022-01-27 03:47:13 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Not blocked
Quad9 :Blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2025-04-27 23:20:08 UTC to abuse{at}microsoft[dot]com)
Tags:doc hancitor link html

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-05-19belt.phphtml 8a5c4cdacc6a98a95fd745ffcd4b66e432b4a243397fce7c1a87d21b57f9c581n/a 
2026-04-10belt.phphtml 74b6bb5f2f40662cf291e18cd659a7b9a7267dbc9d163a70f9bc8773a5d8aa25n/a 
2026-04-05belt.phphtml f12e7dc3991b1b180d3622002354d5a07f8a546441a115e2f26e63cec123f06fn/a 
2026-01-12belt.phphtml 8a26aab2e0c81f15cf47abe0dfee2997a1691a345d19e8f3144c5c0c4cc94769n/a 
2026-01-12belt.phphtml 83a5ae28def7212402a0d1b598bc9331aa8b14a3ebc914c7639485b45a0188ecn/a 
2026-01-01belt.phphtml 2fbfd8bc316479ad62afba1a85426120aeff11ae042602ed5385054c916d85a8n/a 
2025-04-27belt.phphtml 76cb8c33e901d63657b56bcde1da6cd3924566c18b8e95afcceb4bccf9587eafn/a