URLhaus Database

You are currently viewing the URLhaus database entry for http://66.63.187.141/mips which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3593219
URL:	http://66.63.187.141/mips
URL Status:	Offline
Host:	66.63.187.141
Date added:	2025-07-30 21:01:07 UTC
Last online:	2025-09-07 14:XX:XX UTC
Threat:	Malware download
Reporter:	threatquery
Abuse complaint sent (?):	Yes (2025-07-30 21:02:10 UTC to abuse{at}virtualine[dot]org)
Takedown time:	1 month, 8 days, 17 hours, 23 minutes (down since 2025-09-07 14:25:58 UTC)
Tags:	32-bit elf gafgyt mirai Mozi

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-08-18	n/a	elf	7124a65bf24f9edba23f44feeace7c17c40c84a3977c2220d6742e188928612e	n/a	Mirai
2025-08-16	n/a	elf	6c85c96e46fadb3c2dc8363e876ecb7d54d43f6a6baefbc716a8afee796be330	n/a	Mirai
2025-08-16	n/a	elf	ef641fd5206731c411b36a49faa3aa3277033aa8ff24f7262b3fd441768dbd11	10.94%	Mirai
2025-08-07	n/a	elf	93d46c8c1ca794c1d8babed9f51ea40ce355d0f5c4aeb68c3d3b3494e64854c3	42.19%	Gafgyt
2025-07-30	n/a	elf	b7aea615f215e8ff1fd5757bc2e76c087ef6f2d5795890435d4ab660bc664a18	n/a	Mirai