URLhaus Database

You are currently viewing the URLhaus database entry for http://213.209.143.64/zersh4, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3726586
URL: http://213.209.143.64/zersh4
URL Status: Offline
Host: 213.209.143.64
Date added: 2025-12-05 18:23:19 UTC
Last online: 2025-12-18 00:XX:XX UTC
Threat: Malware download
Reporter: abuse_ch
Abuse complaint sent: Yes (2025-12-05 18:24:15 UTC to abuse{at}virtualine[dot]org)
Takedown time: 12 days, 6 hours, 5 minutes (Bad; down since 2025-12-18 00:30:13 UTC)
Tags: elf, gafgyt, mirai, ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
