URLhaus Database

You are currently viewing the URLhaus database entry for http://cnc.zinomc.com/bot.sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3605918
URL: http://cnc.zinomc.com/bot.sh4
URL Status:Offline
Host: cnc.zinomc.com
Date added:2025-08-18 15:36:22 UTC
Last online:2025-12-24 13:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Abused domain (botnet C&C)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-20 12:58:16 UTC to mh[dot]kctipl{at}gmail[dot]com)
Takedown time:4 months, 7 days, 21 hours, 25 minutes Bad (down since 2025-12-24 13:02:44 UTC)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-20n/aelf 9283905149996949c5ae7f61d4cc9bcb26dbde1fc13d859dcb0e3db6da8dfc6an/aMirai
2025-12-16n/aelf 1ad16126b09c5b7167006b094c4ac676b9f10b962d62203b8075875c81251a57n/aMirai
2025-12-06n/aelf 14ed7004887e11c1533cf69c59671f580ce606bab224e0f119529677553ce33an/aMirai
2025-12-05n/aelf fef373bf40a142121f11c89ab4d5c1f6aff9ee3c5c214aa349bc75baa1c32714n/aMirai
2025-11-01n/aelf fbcdab407cef1578fdc4e0329b4fbb9b0c5c68219079ae411fdb6951a7701f9an/aMirai
2025-10-22n/aelf 1265c6275954387789316d08f8d9e3431df577a609791e3f490f06885685c004n/aMirai
2025-10-21n/aelf 352f52af13e6d0b157e68d5ec886d974559e025ab8765a2314c89b1ee830f34en/aMirai
2025-10-21n/aelf 8aeb29ac9fae13c598c8e7e3857f8a19852b75cc7442f038db422b538ad4ecc7n/aMirai
2025-10-03n/aelf 7c1c5778eb8ea7319e59c3e8991496de52b308eedb6fcf4006377a2a6a74d7a4n/aMirai
2025-08-27n/aelf d27f42e7b210d149f4e0b0f66bd03e56feb2fcdcde89fb9f8e9818a6464c71ddVirustotal results 56.25%Mirai
2025-08-21n/aelf 7c7b3539685574ebc82012d14fb807febd593de193c5700b0b88caeee2ae301bVirustotal results 54.69%Mirai
2025-08-18n/aelf 5075d47355c5017a218c4babebd4d50d4c0b177df1c306f9dc1da28ca4df754bn/aMirai