URLhaus Database

You are currently viewing the URLhaus database entry for http://154.205.128.91/zd/mips which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3469858
URL:	http://154.205.128.91/zd/mips
URL Status:	Offline
Host:	154.205.128.91
Date added:	2025-03-06 21:28:04 UTC
Last online:	2025-04-16 14:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-03-06 21:29:04 UTC to abusepoc{at}afrinic[dot]net)
Takedown time:	1 month, 10 days, 17 hours, 21 minutes (down since 2025-04-16 14:50:51 UTC)
Tags:	elf gafgyt mirai

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-04-14	n/a	elf	0fffd18abdfc4fdd7fc86b7c6e5522c3aa8ab08df1575ab74df4be533932b8f0	n/a		Mirai
2025-04-12	n/a	elf	549743cff5ba6ea7a35140490d0f716deae01b543270174a3859bfabb42fbb4c	n/a		Mirai
2025-04-02	n/a	elf	262668cd1b21f5ca7ab0e1e78a2194dc7635a6ce195f5b31a67222659a88631c	n/a		Mirai
2025-03-25	n/a	elf	03bf3f9cd78298d3eef06e03c0c22da0cc937f4496a36f5d121f2dde51da85e2	n/a		Gafgyt
2025-03-24	n/a	elf	18ac42553a13aa34671816e9370a5bb1459e75e3308392c64e824f02b1ddbe26	n/a		Mirai
2025-03-17	n/a	elf	6ae090d12adb78441bf809f6de2fa8f4e1146a42cf257ce738d09bd0028088f6	34.38%		Mirai
2025-03-14	n/a	elf	c743ef43957537efeda1dc78f6d9f7f9888c98baf043ee6c9737f4f38be13ba2	n/a		Mirai
2025-03-11	n/a	elf	4f92f5d9e30af41e052d65ca13e7863aae7f7b6859daa050ab67cd2475065411	n/a		Mirai
2025-03-09	n/a	elf	5448bd7379fff53cdcc7031830f223a4f58490ce2c7729e52327f3affa0a05cb	n/a		Mirai
2025-03-09	n/a	elf	6fad9b847c5f0bbcbd73493c4104db815a12b324245820cfc4ecb4406cdbc5d3	14.29%		Mirai
2025-03-06	n/a	elf	3e3f944ea2b181396f7e11d82ac72027d1cff0e02edbf7e7882aa73249bbc213	n/a		Mirai