URLhaus Database

You are currently viewing the URLhaus database entry for http://94.154.43.158/mips.ghost which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3877982
URL: http://94.154.43.158/mips.ghost
URL Status:Offline
Host: 94.154.43.158
Date added:2026-06-29 14:05:30 UTC
Last online:2026-07-03 19:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2026-06-29 14:06:19 UTC to abuse{at}pitline[dot]net,abusep{at}kharkiv[dot]com)
Takedown time:4 days, 4 hours, 54 minutes Bad (down since 2026-07-03 19:01:14 UTC)
Tags:elf gafgyt link mirai link ua-wget

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-07-03mips.ghostelf 545526a718616bc8dcdd4e3ca29f02dcabdf712fcc413fc369dcd36fb9517aa5n/aMirai
2026-07-03mips.ghostelf 6c84c701190032361e71713159e3c501810c42b56af1664d016f291e405c0e44n/aGafgyt
2026-07-01mips.ghostelf a05e103425d6818e9ad2f041f86404befe125211405a8c0d114425d4f8d6aed5n/aGafgyt
2026-06-29mips.ghostelf c4b8ae9b3d504e818e743b2a33c3fec1705fccf116ee12c4e6c0ed26ce1f2a15n/aGafgyt
2026-06-29mips.ghostelf 83a5fb685c965f59f05d9a3dedf8c29ed5264401fa39e5593410e85cd84328e1n/a