URLhaus Database

You are currently viewing the URLhaus database entry for http://load.windy.wtf/windyluvexecutor/executor.arm64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3703002
URL: http://load.windy.wtf/windyluvexecutor/executor.arm64
URL Status:Offline
Host: load.windy.wtf
Date added:2025-11-11 10:48:12 UTC
Last online:2025-11-11 11:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Botnet C&C domain
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2025-11-11 10:49:16 UTC to abuse{at}cloudflare[dot]com)
Takedown time:49 minutes Wow (down since 2025-11-11 11:39:00 UTC)
Tags:elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-11-11n/aelf 69121b5f21dc54a12a7dd44388db6e56844735564bc327572c04f4c76333cfb4Virustotal results 18.46%Mirai