URLhaus Database

You are currently viewing the URLhaus database entry for http://205.237.110.232/wget.sh which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3886291
URL: http://205.237.110.232/wget.sh
URL Status:flame Online (spreading malware for 4 days, 11 hours, 36 minutes)
Host: 205.237.110.232
Date added:2026-07-14 10:01:15 UTC
Threat:Malware download Malware download
Reporter: sigsec
Abuse complaint sent (?): Yes (2026-07-14 10:02:16 UTC to report{at}zetservers[dot]com)
Tags:cowrie honeypot mirai link ssh telnet

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-07-17wget.shsh e1568cae97252fa9350ef2d2d381975c8bd29e11f126fb06bd64e92a73d7beb9n/aMirai
2026-07-14wget.shsh f370b32bab1c20f235c9b88189c9e0769796f183bff521938acd4d69840e7ae4n/aMirai