URLhaus Database

You are currently viewing the URLhaus database entry for http://scan.504.su/sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3740257
URL: http://scan.504.su/sh4
URL Status:flame Online (spreading malware for 2 days, 10 hours, 19 minutes)
Host: scan.504.su
Date added:2025-12-22 15:23:26 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-22 15:24:22 UTC to abuse{at}lanedo[dot]net)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-25n/aelf 1225df584e4052ab709cb869cce98a0f66042d4ac5639d6c000a37c358b2211bn/a
2025-12-24n/aelf 41dc136e24334d833ed3e59f3b795c4aece5a4005f37be3cf44e4dc1c00ea06dn/aMirai
2025-12-24n/aelf 7bf5c7e5ea849feef750b4e0e69ea5f0f0adec14edb1eb433ba905b9e8320ff7n/aMirai
2025-12-24n/aelf 0b764e359454262a1ba16744d5a57358949105ae0d16764431ca89a1ad9eaefdn/aMirai
2025-12-23n/aelf 00d4cd4ad47504d9273b4b123fd8f9e35b1985fecfaaa5f5c84f93de17d054afn/aMirai
2025-12-23n/aelf 134414883d23289c88c7306f0c1b56446b6eb45febb104ac07dd7dc891502a62n/aMirai
2025-12-22n/aelf 99d01abe3bf91d3cd971f524e96f80ebcde30886de5d3ee9c46bd32a9849de92n/aMirai
2025-12-22n/aelf 43f4933990a71e1836a520a101d3e67ff251dbb8703a4b5a2a0b40ee7a3ce3aen/aMirai