URLhaus Database

You are currently viewing the URLhaus database entry for https://d1malk.phoniche1lo.in.net/05fe317c-0981-4de2-bc8a-930d369db441/ck-3d80df5d12cdfe6450a782fc87bf66b444.google which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3820724
URL: https://d1malk.phoniche1lo.in.net/05fe317c-0981-4de2-bc8a-930d369db441/ck-3d80df5d12cdfe6450a782fc87bf66b444.google
URL Status:Offline
Host: d1malk.phoniche1lo.in.net
Date added:2026-04-13 16:52:10 UTC
Last online:2026-04-14 22:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Not blocked
Quad9 :Blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter:Anonymous
Abuse complaint sent (?): Yes (2026-04-13 16:53:14 UTC to abuse{at}cloudflare[dot]com)
Takedown time:1 day, 6 hours, 3 minutes Poor (down since 2026-04-14 22:56:40 UTC)
Tags:ClearFake GuLoader link NetSupport link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-04-14ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 102251acc94aed4b1e44d223b74dde50a813f56f9a11b7fd4b25d1115db64277n/a NetSupport
2026-04-14ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 342eb40f4c3b87db54833e922410d6688575b1632dcb1c2b06e2f0b2521bb1c6n/a NetSupport
2026-04-13ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 2ecc436c6d8c643320713e3faadb88c2575ce31893b14590474253c738d933d4n/aGuLoader
2026-04-13ck-3d80df5d12cdfe6450a782fc87bf66b444.googledll 2bbb37485871adac5f5fb129a01cc638e2ecaafa178ff807d08bad9bd37a1b00n/aGuLoader