URLhaus Database

You are currently viewing the URLhaus database entry for http://94.154.43.158/x86_64.ghost which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3877975
URL: http://94.154.43.158/x86_64.ghost
URL Status:flame Online (spreading malware for 2 days, 2 hours, 48 minutes)
Host: 94.154.43.158
Date added:2026-06-29 14:05:24 UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2026-06-29 14:06:19 UTC to abuse{at}pitline[dot]net,abusep{at}kharkiv[dot]com)
Tags:elf gafgyt link mirai link ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-07-01x86_64.ghostelf 32a92b3f1644e659a8efc837dca6d763f630b54d30c8a30f110ffb1d3d012a68n/a
2026-06-29x86_64.ghostelf 0628b4908a495c89d58975e4e48db7b0fffca8d00c23d158e19ae9739960c525n/aGafgyt
2026-06-29x86_64.ghostelf 6e2d74bc041275b644c767329368d9fe7075ffc154cfdb37cc248438a5fa5853n/aMirai