URLhaus Database

You are currently viewing the URLhaus database entry for http://91.92.241.10/xmrig_config.json which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3756987
URL: http://91.92.241.10/xmrig_config.json
URL Status:flame Online (spreading malware for 9 days, 18 hours, 37 minutes)
Host: 91.92.241.10
Date added:2026-01-12 23:53:05 UTC
Threat:Malware download Malware download
Reporter: botnetkiller
Abuse complaint sent (?): Yes (2026-01-13 00:29:10 UTC to abuse{at}lanedo[dot]net)
Tags:CoinMiner config geofenced json ua-wget USA

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-01-22xmrig_config.jsonjson b6d7eb5a7c551227308516cb48d3853fa87b877aadf4c12a39b9408fda77e605n/a 
2026-01-22xmrig_config.jsonjson 7471c13269cf39a05d6bffa906f06e7623885fcda38a038c947e9cb13e4b40e5n/a 
2026-01-18xmrig_config.jsonjson ea7b78eadc6370b6b5323155c84ea9ce8cf544e9c7cb37d350670777fbb02087n/a 
2026-01-17xmrig_config.jsonjson 6bf98309b61fdaa49e4be2feae466c1b71b8ab4e4c6474cef18bb0db1f2d90acn/a 
2026-01-16xmrig_config.jsonjson 2a08798497c18443145fd382ca6c8ee01229fa626f312e68f73f98be843ef55cn/a 
2026-01-16xmrig_config.jsonjson 05aa5c6a36174f19e5ac4b61712024b5d3d7f95f2258c8962b0ba37fbc3ea3dbn/a 
2026-01-15xmrig_config.jsonjson eb405362fef47cb7d8e3256dacd4dad43d7ef412585a7bb951c90514c7279bfdn/a 
2026-01-13xmrig_config.jsonjson ba13f696f31a0e14336ccd26a6076891f36a44b60955a4408d6ffd79236ce3c1n/a 
2026-01-13xmrig_config.jsonjson c2f70c08f7537e17b64f4311255b70204b0b8a814294ff46d2a257ac3f12ea23n/a 
2026-01-13xmrig_config.jsonjson 582bc175d7e103269f1c02fa4656ae6cb8ea08a341e373f2846d46c71dbbb4f5n/a