URLhaus Database

You are currently viewing the URLhaus database entry for http://176.65.144.232/w.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry




ID:3491013
URL: http://176.65.144.232/w.sh
URL Status:Offline
Host: 176.65.144.232
Date added:2025-03-26 08:56:03 UTC
Last online:2025-04-21 11:XX:XX UTC
Threat:Malware download Malware download
Reporter: NDA0E
Abuse complaint sent (?): Yes (2025-03-26 08:57:09 UTC to abuse{at}dolphinhost[dot]net)
Takedown time:26 days, 2 hours, 9 minutes Bad (down since 2025-04-21 11:06:33 UTC)
Tags:mirai link sh

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-04-16w.shsh abb735e212418de737c0f8027232e5a02400100eef7e41fd484a99e404db1adbn/aMirai
2025-04-11w.shsh 401d5319c083ebc6cdbd595b017fd638d2d105d2cb83655cade7458eaf98ec25n/aMirai
2025-04-10w.shsh 0d7895cc3f707aa5fcf5abb1ca15f576de51e3ab70c631408f5aa75c81774c4bn/aMirai
2025-04-06w.shsh 10ea26655418ffdf096dca04b3802c75aaf27e10682f2e7a0f6a5daa965e1fffn/aMirai
2025-03-26n/ash a08d952176fe66a4095033602d51a166ac19f23655167d32f5abea605208f539n/aMirai