URLhaus Database

You are currently viewing the URLhaus database entry for http://143.20.185.102/windyluvexecutor/executor.arm6 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3688229
URL:	http://143.20.185.102/windyluvexecutor/executor.arm6
URL Status:	Online (spreading malware for 24 days, 17 hours, 45 minutes)
Host:	143.20.185.102
Date added:	2025-10-26 22:41:11 UTC
Threat:	Malware download
Reporter:	botnetkiller
Abuse complaint sent (?):	Yes (2025-10-26 22:42:12 UTC to report{at}abuseradar[dot]com)
Tags:	arm elf geofenced mirai ua-wget USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-11-20	n/a	elf	9707195aa5d3cf79109ac84e2c32ad91a27c0e7b6b0240f1aea37616f5982bc5	42.62%		Mirai
2025-11-20	n/a	elf	d698d65ba189c96119c7e87a595bcd844238989e42c9f1fdde1e7c21a48980c5	n/a		Mirai
2025-11-15	n/a	elf	e5b9b14bbee46a556b83c426ae2ff1333002d8af8a05dd500dd764338950cfcc	n/a		Mirai
2025-11-11	n/a	elf	0757c866d5c7562c3f53d5afac838ea9b4e1621824f1c6195128091619d48082	41.54%		Mirai
2025-11-08	n/a	elf	a28b450262545d5439f53da00e62f691b9298bbb0c7ca36395b24f643af54e80	n/a		Mirai
2025-10-26	n/a	elf	d5b3e583d9732c69e8320372d07866eccd9b792ad19a1f06c1868ee22388505d	n/a		Mirai