URLhaus Database

You are currently viewing the URLhaus database entry for https://engine-api.systemoraengine.in.net/05fe317c-0981-4de2-bc8a-930d369db441/ck-3d80df5d12cdfe6450a782fc87bf66b444.google which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3814708
URL: https://engine-api.systemoraengine.in.net/05fe317c-0981-4de2-bc8a-930d369db441/ck-3d80df5d12cdfe6450a782fc87bf66b444.google
URL Status:flame Online (spreading malware for 23 hours, 15 minutes)
Host: engine-api.systemoraengine.in.net
Date added:2026-04-09 05:17:09 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter:Anonymous
Abuse complaint sent (?): Yes (2026-04-09 05:17:21 UTC to abuse{at}cloudflare[dot]com)
Tags:ACRStealer ClearFake NetSupport link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-04-09ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 81e70aac5e3b1450e9a1ecee78924e69160d6586d76479810e2617ae9b3b17ebn/aACRStealer
2026-04-09ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 320e57b0129c5a28f923e01c7c45139142f28703c4387fa7b3774398cd5e92c1n/a ACRStealer
2026-04-09ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll c131d9943741563152262d0ce82d6ef411431c6f4f28ca168d08eafea73f2a1cn/aNetSupport
2026-04-09ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 328e097831c74290f102dcf11c41bc4b7b82a37681d8df3690783ea8a9e3bebcn/aNetSupport