URLhaus Database

You are currently viewing the URLhaus database entry for http://expay.ru/bins/whisper.x64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3451156
URL:	http://expay.ru/bins/whisper.x64
URL Status:	Offline
Host:	expay.ru
Date added:	2025-02-24 18:33:06 UTC
Last online:	2025-07-09 10:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2025-07-02 11:38:11 UTC to abuse{at}nano[dot]lv)
Takedown time:	4 months, 14 days, 16 hours, 13 minutes (down since 2025-07-09 10:47:19 UTC)
Tags:	botnetdomain DDoSAgent elf mirai

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-06-22	n/a	elf	11742623bba0e1ca221814a36cd8239be94898c59fcc61c1328a6230a9981219	50.00%	DDoSAgent
2025-02-26	n/a	exe	58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f	0.00%
2025-02-25	n/a	elf	815a166f35b42f84c2869a3be009d7f37fb2c6f22cfcc568a7580ae75b0e401b	n/a
2025-02-24	n/a	elf	692a57c17f4c02396ea01b9300c3f9eaaa5532f07705ba78c9ea010cec56a9ac	25.00%