URLhaus Database

You are currently viewing the URLhaus database entry for http://31.170.22.205/dl20 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3494793
URL: http://31.170.22.205/dl20
URL Status:flame Online (spreading malware for 1 year, 2 month, 3 days, 23 hours, 22 minutes)
Host: 31.170.22.205
Date added:2025-03-29 14:59:04 UTC
Threat:Malware download Malware download
Reporter: NDA0E
Abuse complaint sent (?): Yes (2025-03-29 15:00:10 UTC to abuse{at}nano[dot]lv)
Tags:DDoSAgent mirai link sh ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-09-22dl20sh 984754a4a777a24c91ec69645dbf3680f43672bba79d5d98dd23bf7f6d1d3436n/aMirai
2025-07-20dl20sh bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828dn/aDDoSAgent
2025-05-10dl20sh 332ad0a32dc5027a1c784f1ab7ee96bfb1f6210014c94899451b70d53b645db1n/a
2025-05-04dl20sh 9544fcf13acc4c5c222fa1deb34b95696bc5115936ca5d7e5c86c3cdabd4c92cn/a
2025-05-04dl20sh a1f1fa08ba94e190e5ec36ed2ff6a0518aa0c60d1f743ea8bda6a9b7a96488den/a
2025-05-03dl20sh 5436b497c23f26dac22ec91c1ba1486487a5edf974d02d73369945e6941f0412n/a
2025-05-02dl20sh 502e9a7e37bc166822728960938d9d38208998d5249c15dc1267af6affd6d94cn/a
2025-05-02dl20sh 4a248a32e4e26dc7ba9d238e0b3f2c56e8e440357cf1ce5b9d3b14b3819e61c0n/a
2025-05-02dl20sh ce1c79ad789e19c51b079f7e31d0a5ef708a5ab2bf469e4b918fdba5c9585d4bn/a
2025-04-30dl20sh 1ca7c62f2d8fff65d398d1af105c2563de4b401ed4a3bc7b4a05ed04d0fa89dfn/a
2025-04-12dl20sh 715f575d541ffd9e88629137f74ac3aec9c1081721a53be4d8cce125d62444aan/aDDoSAgent
2025-04-03dl20sh 99d25f273a5055f64109ce45c483314442639548f2bd72ce8342c14428c3624bn/aDDoSAgent
2025-03-29n/ash b914ffd9536ad6cbc32c44479084c21cc93bebf31e5b83f5e4a30bfebffea0f5Virustotal results 14.52%DDoSAgent