URLhaus Database

You are currently viewing the URLhaus database entry for http://94.154.35.154/x86_64.uhavenobotsxd which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3714269
URL: http://94.154.35.154/x86_64.uhavenobotsxd
URL Status:Offline
Host: 94.154.35.154
Date added:2025-11-22 20:55:07 UTC
Last online:2025-12-25 07:XX:XX UTC
Threat:Malware download Malware download
Reporter: botnetkiller
Abuse complaint sent (?): Yes (2025-11-22 20:56:12 UTC to abuse{at}pitline[dot]net,abusep{at}kharkiv[dot]com)
Takedown time:1 month, 2 days, 10 hours, 37 minutes Bad (down since 2025-12-25 07:33:39 UTC)
Tags:elf geofenced mirai link ua-wget USA x86

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-24n/aelf f1bbfddc882d5ac60dea077c09ea820b39bf6c8a5d5632bd0a832ee991059077n/aMirai
2025-12-24n/aelf 81fe91716b2cf8a797c5946a1a395b6338ea2da4ddf891812ebac767fbee6841n/aMirai
2025-12-22n/aelf ea95889e1be7ae3975562b861493eb7ee6d2ef2e01b5d2960b52cd53305db4a3n/aMirai
2025-11-29n/aelf 9e0535b2bee4dee7d6c1cd2b53c810571cb307d27262595d47da46ec5110751bn/aMirai
2025-11-28n/aelf 11172d8bad4ff762104b31401b38dbfdbcb510c705415bd1e007f984fc18718fn/aMirai
2025-11-25n/aelf 257ae90d3a3a93c93ddfa6a9c7702d35ca382843d8e87ae13e34851bc35a841en/aMirai
2025-11-23n/aelf 4591c54052c787376ea64aae9e4297bedf835551d9e1c7db3c2e5e3f90bff02an/aMirai
2025-11-23n/aelf 85bc6f74b611809d8f5c930877e3b7198e886764235fb0c3266085400d01f8b4n/aMirai
2025-11-23n/aelf 4900de10166d8cc5412846c94b4b27469d1a63c95ac4656b9f064ed8e16ead98n/aMirai
2025-11-22n/aelf bc8e5cffd7dd12080436c205564f09b950c32b2aeb61630d696cc18f4d651941Virustotal results 20.00%Mirai