URLhaus Database

You are currently viewing the URLhaus database entry for http://205.237.110.232/curl.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3886290
URL: http://205.237.110.232/curl.sh
URL Status:flame Online (spreading malware for 17 hours, 21 minutes)
Host: 205.237.110.232
Date added:2026-07-14 10:00:17 UTC
Threat:Malware download Malware download
Reporter: sigsec
Abuse complaint sent (?): Yes (2026-07-14 10:01:15 UTC to report{at}zetservers[dot]com)
Tags:cowrie honeypot mirai link ssh telnet

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-07-14curl.shsh 3801a288c16a19c57c7a8a7b0f139cf630d2cd0c4bbcb26876e3593c492ffc5dn/aMirai