URLhaus Database

You are currently viewing the URLhaus database entry for https://codeload.github.com/sonriseclient/xwhoez-startup-4673/zip/refs/heads/main which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3310140
URL: https://codeload.github.com/sonriseclient/xwhoez-startup-4673/zip/refs/heads/main
URL Status:Offline
Host: codeload.github.com
Date added:2024-11-28 10:33:48 UTC
Last online:2024-12-06 23:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: JAMESWT_MHT
Abuse complaint sent (?): Yes (2024-12-05 08:13:09 UTC to noc{at}github[dot]com)
Takedown time:21 days, 8 hours, 44 minutes Bad (down since 2024-12-19 19:18:46 UTC)
Tags:CanStealer sonriseclient stealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2024-12-10xwhoez-startup-4673-main.zipzip 9deac079521c853af5c28e3aa2d9240a4dfa5299b3586966959fce7ef3f6ed0fn/a 
2024-12-04xwhoez-startup-4673-main.zipzip c6608aa30210c052de79f383f38edd0a42fc355af7ca5d91f1087ade9a57ed44n/a 
2024-11-28xwhoez-startup-4673-main.zipzip 9f168a33ba7ca42b4f2eb55806680fb84d16567f7421be726f6c9b4d14e2275en/a 
2024-11-28xwhoez-startup-4673-main.zipzip 5bab2eb71be52725f219073084912a7f6c4e6e5121ac7ced3c320b824e838898n/a CanStealer