URLhaus Database

You are currently viewing the URLhaus database entry for http://158.94.209.216/arc which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3623682
URL:	http://158.94.209.216/arc
URL Status:	Online (spreading malware for 2 months, 15 days, 18 hours, 17 minutes)
Host:	158.94.209.216
Date added:	2025-09-14 11:34:12 UTC
Threat:	Malware download
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-09-14 11:35:12 UTC to support{at}ipv4[dot]global)
Tags:	elf mirai

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-10-03	n/a	elf	ee9180bd2b165795dfaaf5d6de60148d34353c66373cc322e49eaf532de435f9	n/a		Mirai
2025-09-29	n/a	elf	0e7d46c9fee8ecc60482722197404de5c001e80bcd414c1940fce38f33747e30	n/a
2025-09-28	n/a	elf	470ca307988e1d77e4aa32834d08bfd87ecb828d0b72eb76ef526a926a7aff6d	n/a		Mirai
2025-09-26	n/a	elf	9be7abe546c41f6a372c674e76bd9c531dd5fab06d1db92a6879410b46b4629b	n/a
2025-09-25	n/a	elf	868a24a3acca181f4ea347dce53ffac86e7e584889bb16835073f08daac471cb	n/a
2025-09-14	n/a	elf	295bc2ac0bde4ab7ddf579004efe82a356444663256fd2d36f75d7dd4d893e9f	3.12%