URLhaus Database

You are currently viewing the URLhaus database entry for http://176.65.35.214:61252/i which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:2821634
URL: http://176.65.35.214:61252/i
URL Status:flame Online (spreading malware for 2 years, 3 months, 5 days, 19 hours, 23 minutes)
Host: 176.65.35.214
Date added:2024-04-22 07:57:16 UTC
Threat:Malware download Malware download
Reporter: ClearlyNotB
Abuse complaint sent (?): Yes (2024-04-22 07:59:11 UTC to office{at}tomgate[dot]net)
Tags:elf hajime

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2024-07-26n/aelf 898e00110e699b1381509252bd0614c8ffe8e04c7692678bf3eeaecf131f8af0Virustotal results 54.69% 
2024-07-26n/aelf 8fb63ac77379ecdcb5e40f0f280bfa9779e0315de8dd4e78b48f34b85e634ccbVirustotal results 53.03% 
2024-04-22n/aelf 020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0Virustotal results 69.35%Hajime