URLhaus Database

You are currently viewing the URLhaus database entry for http://94.154.43.158/i686.ghost which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3877974
URL: http://94.154.43.158/i686.ghost
URL Status: Online (spreading malware for 3 days, 23 hours, 22 minutes)
Host: 94.154.43.158
Date added: 2026-06-29 14:05:24 UTC
Threat: Malware download
Reporter: abuse_ch
Abuse complaint sent: Yes (2026-06-29 14:06:19 UTC to abuse{at}pitline[dot]net, abusep{at}kharkiv[dot]com)
Tags: elf, gafgyt, mirai, ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2026-07-03 | i686.ghost | elf | 2759a1bc0be90cca057cbf9a76cd4d7cb50a8c052e4d9896d2c69e7ae11adc8b | n/a | | Gafgyt |
| 2026-07-01 | i686.ghost | elf | 72de71fc785e1f0181cde0eacf789798d7d724f542f48959a16f7643e50c73c6 | n/a | | Gafgyt |
| 2026-06-29 | i686.ghost | elf | ad2a6d87aff96ecba9458d0ba78e1b6792ab303d7f2887c83867bc88e049a9b2 | n/a | | Gafgyt |
| 2026-06-29 | i686.ghost | elf | 0120fd818e4ca578ab31e162b26673330fd04defb6a016dd773ea56fcadd075a | n/a | | Mirai |