URLhaus Database

You are currently viewing the URLhaus database entry for http://92.113.21.114:81/armv5l which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3593716
URL:	http://92.113.21.114:81/armv5l
URL Status:	Offline
Host:	92.113.21.114
Date added:	2025-07-31 15:13:07 UTC
Last online:	2025-08-11 11:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-07-31 15:14:16 UTC to abuse{at}hostinger[dot]com)
Takedown time:	10 days, 20 hours, 29 minutes (down since 2025-08-11 11:43:25 UTC)
Tags:	gafgyt mirai

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-08-11	n/a	elf	34a9ed3e4db6f05b9c6f38d7c1688eb5628c9106bd24efe8035d2114e3b3b544	n/a	Mirai
2025-08-10	n/a	elf	4f586b94ffdd1276d511378c0d2806ee203190b22c39065f236df3194ef9a66d	n/a	Mirai
2025-08-10	n/a	elf	30308d4db349f41e9a0b8fee1176be88d9dae5597d05d3e4bc4d90120081fa34	n/a	Mirai
2025-08-06	n/a	elf	400fffe5d2fcb412b32ba593b57c33257b427c4ba174b6a2121fc4214c867944	n/a	Gafgyt
2025-08-04	n/a	elf	2c612a40ef588574215454f42441657cdfc37f25910464e7300b535e394f9ff0	30.16%	Gafgyt
2025-08-03	n/a	elf	802b7746d22ab2b4d16639d205a5d826d6d0bdd6c3f7bc0059c6674d91f388bc	n/a	Gafgyt
2025-07-31	n/a	elf	3f05e594725670b9dfe9b1ada525a798be41afd6b08af0ceb1b28bcb03f2c51f	n/a	Gafgyt