URLhaus Database

You are currently viewing the URLhaus database entry for http://27.102.137.81/main_sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3780814
URL: http://27.102.137.81/main_sh4
URL Status:Offline
Host: 27.102.137.81
Date added:2026-02-18 20:06:13 UTC
Last online:2026-03-15 03:XX:XX UTC
Threat:Malware download Malware download
Reporter: DaveLikesMalwre
Abuse complaint sent (?): Yes (2026-02-18 20:07:14 UTC to irt{at}nic[dot]or[dot]kr)
Takedown time:24 days, 7 hours, 37 minutes Bad (down since 2026-03-15 03:44:17 UTC)
Tags:fbi.gov mirai link moobot ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-02-28n/aelf 76b05b1a1afd7de61c4b9be7c02c3f6515e4aba0f59269416a670e06fc9d709en/aMirai
2026-02-28n/aelf 194420d0393124ffc9586eaabcbe8dc643a9fe25b2db67b971fb5c01dc14689bn/aMirai
2026-02-27n/aelf fa6596f9f49becc7d33d43ffebb63ea856bebfd4b9cc0551361bf364f94296fbn/aMirai
2026-02-27n/aelf addcf578d5290ff2b99a8ad23d9e075d8087e2abed1a789818566e0ee499e431n/aMirai
2026-02-24n/aelf 0a1974f2a8ce22fa40748271a1c9d8108dda5dfb5e755e40f12fe6c315ac7038n/aMirai
2026-02-23n/aelf 765b06d48da8554cdd725bc6a1649a19ff741668a5e0846b7eaccf5877c6eab4n/aMirai
2026-02-22n/aelf fb3e21c2bb40cd81b51934ab4877b02815ad0546eb82d936d529ec7ba1330a09n/aMirai
2026-02-20n/aelf 3d2496c34de57669670070825b43cfec24eff1ab5c8c2803c057c538d916023cn/aMirai
2026-02-19n/aelf 608f6b10a4339eff601178ae11afe3af8e2c9a74b436ff5d893ddab012aa30f6n/aMirai
2026-02-18n/aelf 19c94c2a249536b98ba993637cb8ba27e8cf51ab847a252f6ba620e61c2f9081n/aMirai