URLhaus Database

You are currently viewing the URLhaus database entry for http://130.12.180.64/zersh4, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3739404
URL: http://130.12.180.64/zersh4
URL Status: Online (spreading malware for 24 days, 2 hours, 48 minutes)
Host: 130.12.180.64
Date added: 2025-12-21 15:13:19 UTC
Threat: Malware download
Reporter: NDA0E
Abuse complaint sent: Yes (2025-12-21 15:14:17 UTC to abuse{at}virtualine[dot]org)
Tags: elf mirai link ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
