URLhaus Database

You are currently viewing the URLhaus database entry for http://103.20.102.84/arm5 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3569012
URL:	http://103.20.102.84/arm5
URL Status:	Offline
Host:	103.20.102.84
Date added:	2025-06-21 19:48:07 UTC
Last online:	2025-08-06 00:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-06-21 19:49:11 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	1 month, 15 days, 4 hours, 13 minutes (down since 2025-08-06 00:02:20 UTC)
Tags:	censys elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-08-05	n/a	elf	718c9d1905c62a6fed982fb0d52366417cc88c50482d924d8521c62c0cf01eba	n/a	Mirai
2025-07-16	n/a	elf	af5ab0d3fed9b08ff76c5c4773e1896089fa9031fe1879a93804178bc8fcef60	32.81%	Mirai
2025-07-07	n/a	elf	d602473c9fa3c9e2fbdaaf1ede2e7247be9b979fdd313c3c089517f408fd3b19	n/a	Mirai
2025-06-26	n/a	elf	2b479fa0b3bd1d72d2a258243a192aaab4707b951687e5dc1b50baf907d1ae1c	n/a	Mirai
2025-06-23	n/a	elf	3443dd79e0fec1ea9aeaafe9335889f9c9002f5a186f5af97e27a5f99f9f66f6	n/a	Mirai
2025-06-21	n/a	elf	001040828d6728890a374f2e242440248235fa2f3ed9c38f3a164b3649207845	n/a	Mirai