URLhaus Database

You are currently viewing the URLhaus database entry for http://185.243.99.154/kinsing_aarch64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3749961
URL: http://185.243.99.154/kinsing_aarch64
URL Status:flame Online (spreading malware for 1 month, 8 days, 7 hours, 31 minutes)
Host: 185.243.99.154
Date added:2026-01-04 05:48:10 UTC
Threat:Malware download Malware download
Reporter: botnetkiller
Abuse complaint sent (?): Yes (2026-01-04 05:49:11 UTC to abuse{at}ntup[dot]net)
Tags:elf geofenced kinsing link ua-wget USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-02-10n/aelf 6966d265ffbe5c933f0e098473fd9c31344fe0c4e6d66654150b6f42e0c4ccf2n/aKinsing
2026-02-01n/aelf 6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65fn/a
2026-02-01n/aelf f076586cc642769efca8fc6dce36af4a3e0cc672b6fd4ac4d1393a5ce08395d6n/a
2026-01-30n/aelf ac3476b32ee23dffc19d65316b0d4d4ee10776874815ded9aa4ea5a2a61b4a8dn/a
2026-01-29n/aelf 701bffa64e6998d89c55252435caf3cfe139a64fc4c30016549903528c21ec95n/a
2026-01-23n/aelf d61098f9461e825c611ed01f5f7f78a24102f7ccc84b725746134968c3c7adfbn/a
2026-01-22n/aelf a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18n/a
2026-01-18n/aelf c37e8e7d0a670a127634fbf1f87660024cdb83d5b2fdccd7eda4ffbcc5e83fc6n/a
2026-01-06n/aelf 972c4473c6575de7fa1add05221b128502e28a0a9f80cf822fe68d1ee6c18332n/a
2026-01-05n/aelf 214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879n/aKinsing
2026-01-04n/aelf c6fbd6896d162a12d9c900056781eb82f44649945808b7b009646b5397bcf6bfn/aKinsing