URLhaus Database

You are currently viewing the URLhaus database entry for https://wlikkfq.n1ghtbloom.in.net/verification.google which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3807441
URL: https://wlikkfq.n1ghtbloom.in.net/verification.google
URL Status: Online (spreading malware for 1 day, 9 hours, 39 minutes)
Host: wlikkfq.n1ghtbloom.in.net
Date added: 2026-03-29 08:13:08 UTC
Threat: Malware download
URLhaus blocklist: Blocked
Spamhaus DBL: Abused domain (malware)
SURBL: Blocked
Quad9: Blocked
AdGuard: Blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Anonymous
Abuse complaint sent: Yes (2026-03-29 08:14:13 UTC to abuse{at}cloudflare[dot]com)
Tags: ACRStealer ClearFake

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
