URLhaus Database

You are currently viewing the URLhaus database entry for http://cnc.504.su/sh4, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3740235
URL: http://cnc.504.su/sh4
URL Status: Online (spreading malware for 2 days, 10 hours, 20 minutes)
Host: cnc.504.su
Date added: 2025-12-22 15:23:21 UTC
Threat: Malware download
URLhaus blocklist: Blocked
Spamhaus DBL: Abused domain (botnet C&C)
SURBL: Blocked
Quad9: Blocked
AdGuard: Blocked
Cloudflare: Blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: BlinkzSec
Abuse complaint sent: Yes (2025-12-22 15:24:19 UTC to abuse{at}lanedo[dot]net)
Tags: botnetdomain elf mirai link ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
