URLhaus Database

You are currently viewing the URLhaus database entry for http://area-a-id-ui-sant.serveuser.com/mips which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3307617
URL:	http://area-a-id-ui-sant.serveuser.com/mips
URL Status:	Online (spreading malware for 1 year, 0 month, 17 days, 22 hours, 19 minutes)
Host:	area-a-id-ui-sant.serveuser.com
Date added:	2024-11-27 00:17:13 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2024-11-27 00:18:11 UTC to admin{at}serveroffer[dot]lt)
Tags:	botnetdomain elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-12-08	n/a	elf	67df849f3252e566ca8f73336ab31eb7b5ddb277c91f90a9dac885c9d9de3837	56.25%		Mirai
2025-08-19	n/a	elf	31120e0e7d31de9bb315b25bc75af459a0e62200d4fd5e30394e3cde5e1b9ff3	12.50%		Mirai
2025-08-18	n/a	elf	49e32586aebf741dd23c5594b4a989f63667fb10e0d29570116fa1b5e2bf4ab5	n/a		Mirai
2025-08-18	n/a	elf	35191259be0a20383758621a2ab073022797eabebd6e908818824a7257702463	10.94%		Mirai
2025-08-15	n/a	elf	08a2625cb44abc648ae16a6d365484e59aaee048837e81b66a1e264785bba4b8	32.81%		Mirai
2024-11-27	n/a	elf	dcaf32f6eef67e074f46dc1e98e6717f46b60c170b82bab6b8d5884d688a8f48	n/a		Mirai
2024-11-27	n/a	elf	fbdbd0392519e49a09e647d8c83046fb15d6dcbb8246ee2f813d10018ba8ac3d	51.56%		Mirai