URLhaus Database

You are currently viewing the URLhaus database entry for http://109.205.213.5/kvariant.sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3620498
URL:	http://109.205.213.5/kvariant.sh4
URL Status:	Offline
Host:	109.205.213.5
Date added:	2025-09-09 05:49:18 UTC
Last online:	2025-10-10 10:XX:XX UTC
Threat:	Malware download
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-09-09 05:50:14 UTC to abuse{at}razinetwork[dot]com)
Takedown time:	1 month, 1 days, 5 hours, 8 minutes (down since 2025-10-10 10:58:23 UTC)
Tags:	elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-10-10	n/a	elf	b6bebb2a57ed917c822563a91d01ec1e819e8a35ee9692cc650c1ec6fc34e8d8	36.36%		Mirai
2025-10-07	n/a	elf	3d6a71ee15c12dd87db5dca99bedb11e93d0909867e472a7991dab65c484b5bb	n/a		Mirai
2025-10-07	n/a	elf	85ccdbe841c454605e977521faa2471d9cafdaf9aaf757079070d34b9369992a	n/a		Mirai
2025-09-27	n/a	elf	0c0de0d01a0854804447ee69e31e188387d5aef99a3e37e65e8cd4453c28eece	n/a		Mirai
2025-09-26	n/a	elf	64edf800df92c8c5ace83eb5826ba7695bb358767e1044149c20c52718a64751	n/a		Mirai
2025-09-19	n/a	elf	b2d829c10b6c9dc07c98983810c88a41fa281e736a84584cad51f8335c18ad5d	n/a		Mirai
2025-09-10	n/a	elf	0864e7ab06e5f39bfa5c9200ecfeb70d0a1de86eb7e7ae038697e1b0db60c86f	n/a		Mirai
2025-09-09	n/a	elf	8c148a15902522eef15e8598bedbbb08ab0053aacbb3adb8edd6fe4f633acb70	43.75%		Mirai