URLhaus Database

You are currently viewing the URLhaus database entry for http://77.83.39.185/shel/fros/ENCRYPTED.ps1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3766134
URL: http://77.83.39.185/shel/fros/ENCRYPTED.ps1
URL Status: Offline
Host: 77.83.39.185
Date added: 2026-01-30 12:47:06 UTC
Last online: 2026-02-08 01:XX:XX UTC
Threat: Malware download
Reporter: abuse_ch
Abuse complaint sent: Yes (2026-02-02 01:18:10 UTC to abuse{at}lanedo[dot]net)
Takedown time: 5 days, 23 hours, 52 minutes (Bad; down since 2026-02-08 01:10:14 UTC)
Tags: ascii, opendir, PhantomStealer, powershell, ps1

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
