URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 94.154.43.158
Firstseen:2026-06-29 06:44:09 UTC
Total malware sites :11
Online malware sites :10 (91%)
Offline Malware sites :1 (9%)
Newest active malware site :2026-06-29 14:05:30 UTC
Oldest active malware site :2026-06-29 06:44:25 UTC (Age: 1 day, 18 hours, 31 minutes)

IP addresses


The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2026-06-29 06:44:25 94.154.43.158SBL697626AS219502 STORMCLOUD-AS- UAyes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2026-06-29 14:05:30http://94.154.43.158/armv7l.ghostOnlineelf Ngioweb ua-wget abuse_ch
2026-06-29 14:05:30http://94.154.43.158/powerpc.ghostOnlineelf gafgyt ext mirai ext ua-wget abuse_ch
2026-06-29 14:05:30http://94.154.43.158/mipsel.ghostOnlineelf gafgyt ext mirai ext ua-wget abuse_ch
2026-06-29 14:05:30http://94.154.43.158/m68k.ghostOnlineelf gafgyt ext ua-wget abuse_ch
2026-06-29 14:05:30http://94.154.43.158/sh4.ghostOfflineelf ua-wget abuse_ch
2026-06-29 14:05:30http://94.154.43.158/aarch64.ghostOnlineelf mirai ext ua-wget abuse_ch
2026-06-29 14:05:30http://94.154.43.158/mips.ghostOnlineelf gafgyt ext ua-wget abuse_ch
2026-06-29 14:05:24http://94.154.43.158/armv5l.ghostOnlineelf Ngioweb ua-wget abuse_ch
2026-06-29 14:05:24http://94.154.43.158/i686.ghostOnlineelf gafgyt ext mirai ext ua-wget abuse_ch
2026-06-29 14:05:24http://94.154.43.158/x86_64.ghostOnlineelf gafgyt ext mirai ext ua-wget abuse_ch
2026-06-29 06:44:25http://94.154.43.158/ghost.shOnlineelf iot HoneyLabs

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2026-06-30 01:41:4653cb5ca23f87d31f53f2632ee092def8157285bde34b7b3f50900f5134c50123elfGafgyt
2026-06-29 20:28:35876894a47b1c46f30a174e9d7b3e26e752c25666abc6b555343d09177540114aelfGafgyt
2026-06-29 20:15:20de4512a40cfdc03935663a7368c265d26ee46bd52494d50676f3376fb4d4fc62elfGafgyt
2026-06-29 19:33:51071b29d176e2b5e1d8634ec20b08dd386964b38dbc7ab08540c73a85fc365791elfNgioweb
2026-06-29 19:07:19ad2a6d87aff96ecba9458d0ba78e1b6792ab303d7f2887c83867bc88e049a9b2elfGafgyt
2026-06-29 18:44:18c6f41358fd04da7921ab45eef746302f1f550760997c1caac3440cb68e562ad5elfNgioweb
2026-06-29 18:41:48c4b8ae9b3d504e818e743b2a33c3fec1705fccf116ee12c4e6c0ed26ce1f2a15elfGafgyt
2026-06-29 18:30:29982d450543f24502d82f444a7381b7d0aed3594b14f5b30b0bbe4a0a1a7e720celfMirai
2026-06-29 18:24:110628b4908a495c89d58975e4e48db7b0fffca8d00c23d158e19ae9739960c525elfGafgyt
2026-06-29 18:19:2631178d8de9ef58eb6c51c996fbc5f1448b0fdf06fc2f469ae9e4ec2788324808unknown  
2026-06-29 14:05:30eee339705a00631fb445a64e19a193838a36f0cc5bd8d680c3bb10b434edbb48elfNgioweb
2026-06-29 14:05:3047ac17be7522428a45ce0917a80bf7d9937d1ff88151458a7c9bfc95b6a77f52elfMirai
2026-06-29 14:05:3091c8164c0d9cc58a678c0f4b299aa8c5cc8c3e3991a53b2574548d56a167b000elfMirai
2026-06-29 14:05:305b9562222836095e6f17078b52ca4e29263e1c974ed6c23d30bcc85a946bc1cdelf 
2026-06-29 14:05:3000d9104e5750525574454f7e9e48d9746f034c8116bbf21faf3cda17d9c71122unknown  
2026-06-29 14:05:3017877a7e4c4e39df1f939953cec6fe18e55388cbd9cdc6549a31aa50d5dccb7delfMirai
2026-06-29 14:05:3083a5fb685c965f59f05d9a3dedf8c29ed5264401fa39e5593410e85cd84328e1elf 
2026-06-29 14:05:246e2d74bc041275b644c767329368d9fe7075ffc154cfdb37cc248438a5fa5853elfMirai
2026-06-29 14:05:240120fd818e4ca578ab31e162b26673330fd04defb6a016dd773ea56fcadd075aelfMirai
2026-06-29 14:05:249008c6360192925325f2e57c29d6593015b5a3ca8dc7a81ad28f513f4436a4f3elfNgioweb
2026-06-29 13:43:033d266ba060261b8e843926e426300d39277d2ee54497e0a6543428ba7ec6085bsh