URLhaus Database

You are currently viewing the URLhaus database entry for http://196.251.87.155/00101010101001/morte.sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3697427
URL:	http://196.251.87.155/00101010101001/morte.sh4
URL Status:	Offline
Host:	196.251.87.155
Date added:	2025-11-05 21:45:23 UTC
Last online:	2025-11-12 11:XX:XX UTC
Threat:	Malware download
Reporter:	tolisec
Abuse complaint sent (?):	Yes (2025-11-06 07:00:16 UTC to abuse{at}cheapy[dot]host)
Takedown time:	6 days, 4 hours, 30 minutes (down since 2025-11-12 11:31:09 UTC)
Tags:	DEU elf geofenced mirai

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-11-12	n/a	elf	66399f695954db7bf91e7e52e7e8f1331b4e0fb091610c5b22a4c1172b942531	n/a		Mirai
2025-11-10	n/a	elf	2988f90a969a0b0854e5723f6a848f1e23edfd2d64dfc43d4c041b1a5a5af9e4	61.54%		Mirai
2025-11-09	n/a	elf	77931039f828d4ff7d68fc87b52b5d4f4c51982d420057cf3215d1874d2bc0d6	n/a		Mirai
2025-11-09	n/a	elf	26ee6da9ed5801a1cff5c0fae86dbc7af5f857364380a7fe6a3a7c47ce140f35	n/a		Mirai
2025-11-08	n/a	elf	13ba233a5f5eee120980717639fbda989d5bb94301e7d90cc280c4399a7f948f	n/a		Mirai
2025-11-08	n/a	elf	92a8409c6d850392f4b48a7df4e4a2e5db932015469ca6a90570fe2964abe8cd	n/a		Mirai
2025-11-08	n/a	elf	230a21a1cb505383afcfbc0a955d7a0546cdd39954f62475d9a730f94a049d01	63.49%		Mirai
2025-11-07	n/a	elf	696e8d862ac88c010a36a16d0bf84c80b08d6ab47db4078aea013694f3bc4760	52.54%		Mirai
2025-11-06	n/a	elf	2ce8ccef24e979d2b071aaea88997d51247f2420aa3c4286df310c9e521fe5e7	n/a		Mirai
2025-11-06	n/a	elf	41eb114186f138b88fc1014df1f51e2445b5602cbdd88d6cc611aa1a3d130980	54.69%		Mirai