URLhaus Database

You are currently viewing the URLhaus database entry for http://103.149.252.178/wget.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3561453
URL: http://103.149.252.178/wget.sh
URL Status:Offline
Host: 103.149.252.178
Date added:2025-06-12 12:10:05 UTC
Last online:2025-07-01 16:XX:XX UTC
Threat:Malware download Malware download
Reporter: NDA0E
Abuse complaint sent (?): Yes (2025-06-12 12:11:07 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:19 days, 4 hours, 2 minutes Bad (down since 2025-07-01 16:13:42 UTC)
Tags:mirai link sh ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-06-30wget.shsh b753598a4fbed7ac94a38d7ff805c905afb2127604ac69050d463c75b4b726b6n/aMirai
2025-06-29wget.shsh 0c05853f0a0f9de2d70ab2330eb13c621884ca72c1bc7980e1721a8e5d3c6dd3n/aMirai
2025-06-27wget.shsh 03f1b29c04b19364018ea2490a1ed052d13593b65dfa69b559f93116860d811cn/a
2025-06-23wget.shsh aefe19e1e266ac294e84c7d5d05358a0a316deda7c4003ff461565589bbcacbbn/a
2025-06-22wget.shsh 5fb7ef38e1397c6bd636bd31de186865e91d7cca9e20701dd1a594468f424c90n/a
2025-06-20wget.shsh c689f30df176e7ce997b7f0a3c7bd6e0c6fb86bf1a71e0c35ab91cbe634be517n/aMirai
2025-06-18wget.shsh 0b768ac1a55b164a39dc9af29102016a5417b6c038b427683641333881b3867bn/aMirai
2025-06-18wget.shsh 0d1414266f81e3c38a0b0d5dafae47ea8ce86d484ec5bbf345aebee75c9bace5n/aMirai
2025-06-15wget.shsh 12920f5a6ce8579b3ca0b0d9ee37cfffbcab028a6e875418d4d0c34072c4f6d0Virustotal results 20.97%Mirai
2025-06-12wget.shsh bc9a95a18814c039e8f496ff1c3d1e6f0c2bf6194a4f1527db080a4b57b8399cn/aMirai