URLhaus Database

You are currently viewing the URLhaus database entry for http://176.65.139.59/hiddenbin/boatnet.sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3809127
URL:	http://176.65.139.59/hiddenbin/boatnet.sh4
URL Status:	Offline
Host:	176.65.139.59
Date added:	2026-03-31 12:21:18 UTC
Last online:	2026-05-03 11:XX:XX UTC
Threat:	Malware download
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2026-03-31 12:22:19 UTC to abuse{at}stormindustries[dot]llc)
Takedown time:	1 month, 2 days, 23 hours, 7 minutes (down since 2026-05-03 11:30:07 UTC)
Tags:	elf gafgyt mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2026-05-02	n/a	elf	4eb18a9b9fc84f8dea3d6ca013c188eda15a2b0a5ee2a43acfe7948ca20125b3	n/a	Mirai
2026-05-02	n/a	elf	d09ba127026dc067f615b6171cfe9394e1da5125335580810b1bbe6c2268bda0	n/a
2026-05-01	n/a	elf	996a1f8b12625b22c404186d82221ebc97c6b1f9bed29ab4db966b309393f23f	n/a	Gafgyt
2026-04-29	n/a	elf	8c926fb6559e1a6dd7a70f8a85ce45b2aa980700c9c4df21d5f14976febc8f85	n/a	Mirai
2026-04-28	n/a	elf	68bcc8dbd235e1ae581a7c2d77a358cd9cc060d79a3a60f74ba3336dbfa3dede	n/a	Mirai
2026-04-24	n/a	elf	cb772aa889ec546f1d5511427155889a20a6ede481e48287bbb00f6c021cf9d0	n/a	Mirai
2026-04-23	n/a	elf	0ca513a03941e73ccc2b94c6a035f7673dcde57e35c6cece1734af87891a1c65	n/a	Mirai
2026-04-19	n/a	elf	666a72be748db10a1e1498dd0fa51c7a4db618ec7ecd332997f80bf82c776caf	n/a	Mirai
2026-03-31	n/a	elf	c5fabb7238edaf7d1f9b477a492fc8bfa1bdb6137784dca152e6187ccc4b6cdb	n/a	Mirai