URLhaus Database

You are currently viewing the URLhaus database entry for http://92.42.100.131/tplink/arm7 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3856297
URL: http://92.42.100.131/tplink/arm7
URL Status:flame Online (spreading malware for 22 days, 15 hours, 40 minutes)
Host: 92.42.100.131
Date added:2026-05-31 07:19:28 UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2026-05-31 07:20:16 UTC to alexcimadamore{at}gmail[dot]com)
Tags:elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-06-12n/aelf 0e6f2e466d1ada0a620232e4c707412931b7b3b63c2f6130530cf06b09a77dc5n/aMirai
2026-06-10n/aelf 87956094f7a0482e92b34884b2d3a8fa6433d473d97aaa155f86e716ed6d29ebn/aMirai
2026-06-10n/aelf a4ee376bd6388fbc3b852b27ab057453d489ed8b380a99a1a5e4ab88eff86802n/aMirai
2026-06-10n/aelf ab368d35a59475b0d1dd865cbc1222a59e00473bbe15a10582d5e4c6870f376an/aMirai
2026-06-09n/aelf 4959eac53a51aea0e767c2db246732586f706b738a09b27e6b7a5f49fdb26525n/aMirai
2026-06-03n/aelf 908ca3ed1a482d3af80ea0fabaf9bcb6199ccfb7c820be4c82c6f879007c8ffdn/aMirai
2026-06-02n/aelf 2181637818db1566030dcf44a72c7fd33a96dcc77fd79e86da42b10811ddd392n/aMirai
2026-06-02n/aelf 378610d8625004953e60be2d43f5d7389bcce6cd765b9dfbcc029aad379155b6n/aMirai
2026-06-01n/aelf fbb4882273f777b3191990c58f8fcf6fbc9782120f9a0c47b9ee4f9fca8b7d71n/aMirai
2026-05-31n/aelf 13276d04bfb4ed0b81c38cb49e70571319fd61f593179bc3bacc6c8e29fc1badn/aMirai