URLhaus Database

You are currently viewing the URLhaus database entry for http://141.98.11.129/gay/spc which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3350418
URL:	http://141.98.11.129/gay/spc
URL Status:	Offline
Host:	141.98.11.129
Date added:	2024-12-15 13:54:05 UTC
Last online:	2024-12-16 20:XX:XX UTC
Threat:	Malware download
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2024-12-15 13:55:14 UTC to admin{at}serveroffer[dot]lt)
Takedown time:	1 day, 6 hours, 34 minutes (down since 2024-12-16 20:30:07 UTC)
Tags:	elf gafgyt mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-12-16	n/a	elf	d86d47cd78c6453ef2e3d569e34b95a835c85d9bad12e9a92eb9cc0fabd8ce5d	n/a	Mirai
2024-12-16	n/a	elf	4a63ced157c8bc6859b1195358db8e02e654fb5c72cf411b4dd1b2b9e5527c2b	n/a	Gafgyt
2024-12-15	n/a	elf	d28c22c5849287874ab5f856d57913448f2bebc3bdf03bcf7360a220a6e270ab	n/a	Mirai
2024-12-15	n/a	elf	1d51d8255aff4ef5b0eda9cc84b636f2022c9bac0f592f497ae9ffb19488b21c	n/a	Mirai
2024-12-15	n/a	elf	afa43fbfa98c375116fb4606113a04012b0b88e3c7a594a252180b0fcd1c1c50	30.16%	Gafgyt