URLhaus Database

You are currently viewing the URLhaus database entry for http://draft22.redirectme.net/1.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3727052
URL:	http://draft22.redirectme.net/1.sh
URL Status:	Online (spreading malware for 19 days, 2 hours, 57 minutes)
Host:	draft22.redirectme.net
Date added:	2025-12-06 07:43:13 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (phishing)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-12-06 07:44:21 UTC to hm-changed{at}vnnic[dot]vn)
Tags:	botnetdomain mirai sh ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-12-18	1.sh	sh	d0e164aca64197432f7bd969a66d5395498278368c14e414bd2c706d6b750d74	n/a		Mirai
2025-12-12	1.sh	sh	925d0e32511e0d952206421262363033ea8332b4443b7ea35ba5e20d8e1fc4cd	n/a		Mirai
2025-12-12	1.sh	sh	d608cbe87a439f554a10cbd6c4293a0e1cf437429937789ecb29776b25cc8071	n/a		Mirai
2025-12-11	1.sh	sh	bb9536a1b9e5a1924f22a61c9e09db1ee965383bb68ba71fb1795bdfdc72e939	n/a		Mirai
2025-12-11	1.sh	sh	e9ab6a004dc53a477e72b440de125cd44bcc38d583cbfc54815bfcf21011c772	n/a		Mirai
2025-12-06	1.sh	sh	33bd46c5f00b789cc31bc21ba95d2e9fd9f2f22fb065cb9dc41b463ebc96013f	61.29%		Mirai
2025-12-06	1.sh	sh	ec15a07b61e50dc800ed79dd2179de5d3615587316ca8b20e0b4b261a361a8e4	56.14%		Mirai