URLhaus Database

You are currently viewing the URLhaus database entry for https://opticsval.withregw.in.net/verification.google which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3800600
URL: https://opticsval.withregw.in.net/verification.google
URL Status:flame Online (spreading malware for 3 days, 21 hours, 34 minutes)
Host: opticsval.withregw.in.net
Date added:2026-03-20 12:53:07 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter:Anonymous
Abuse complaint sent (?): Yes (2026-03-23 08:52:37 UTC to abuse{at}cloudflare[dot]com)
Tags:ACRStealer ClearFake NetSupport link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-03-24verification.googledll 9aa4d39f8b3502d49128e361b651e6303302794039ca19c599ecc49ad7420bf3n/a ACRStealer
2026-03-24verification.googledll d588b90faf401a690aac3143599681768ff471d5ec53a3810c056ba550e99619n/a ACRStealer
2026-03-23verification.googledll 44b94cbb7826a3536f8d7f35f62cbe4f1f1f87f7ef302681f41ea18c406d3e0cn/a ACRStealer
2026-03-23verification.googledll dc9587d7c62518c935f190bda2925bed1401f48ee24dda76a3a91eaa3a974daen/a ACRStealer
2026-03-23verification.googledll 8e2f63960ffe5e9fddf3e01085991c422625972e24397f81dfc9c39f8fd6f771n/aNetSupport
2026-03-20verification.googledll 2fb7654e31e95421bb32362a6ba8120cdaf78798d531b97e7893788e0c15e1b0n/aACRStealer