URLhaus Database

You are currently viewing the URLhaus database entry for https://c0nvoy5-field.codcomparable.in.net/verification.google which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3809185
URL:	https://c0nvoy5-field.codcomparable.in.net/verification.google
URL Status:	Online (spreading malware for 1 day, 9 hours, 47 minutes)
Host:	c0nvoy5-field.codcomparable.in.net
Date added:	2026-03-31 13:31:26 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Anonymous
Abuse complaint sent (?):	Yes (2026-04-01 10:00:18 UTC to abuse{at}cloudflare[dot]com)
Tags:	ACRStealer ClearFake

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2026-04-01	verification.google	dll	74f82374074f0f3fd8e66c9b25ccf068aadb5f38217f7bce7384a614207dbe7c	n/a	ACRStealer
2026-04-01	verification.google	dll	dd4ce1513732440da10a37042fc4d6ae082cc919b31c03dee7d56ea7076db3c8	n/a	ACRStealer
2026-04-01	verification.google	dll	9da0a2d5d86790d615e32d54870656a7917f515c1a44ca2849c2c3e704b0286b	n/a	ACRStealer
2026-04-01	verification.google	dll	68e47e20011cd303284737ff3cdba23527ecaa2a39df924edd2e749291c80f11	n/a	ACRStealer
2026-03-31	verification.google	dll	147b20174a0c78fc72b79ca1f78130f601097771d75ae8bf8b173db47d7da199	n/a	ACRStealer
2026-03-31	verification.google	dll	d1fffe10c5413fd0c5d3e9026b8edff1a6864ca5b9efde1bc47bd2bb16e6a16a	n/a	ACRStealer
2026-03-31	verification.google	dll	2bfd69fbbdb76955490233d563a559c70f172c10d60fced20461d6bdc88cac80	n/a	ACRStealer