URLhaus Database

You are currently viewing the URLhaus database entry for http://31.170.22.205/dl16 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3510901
URL: http://31.170.22.205/dl16
URL Status:flame Online (spreading malware for 1 year, 1 month, 18 days, 14 hours, 0 minutes)
Host: 31.170.22.205
Date added:2025-04-14 13:09:04 UTC
Threat:Malware download Malware download
Reporter: Gandylyan1
Abuse complaint sent (?): Yes (2025-04-14 13:10:09 UTC to abuse{at}nano[dot]lv)
Tags:DDoSAgent mirai link sh ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-09-22dl16sh be23e5a1988e5ab28a7a17867f253db08046d4ebcd420c5db50060d5c490e539n/aMirai
2025-07-20dl16sh 62d357e2c963d738a7ef67596f9c23d1612ef84ec9890d6b2dc6fd69d14ec0adn/aDDoSAgent
2025-05-10dl16sh ec7bbec9779d9648895f13f8730f200f7a47e3e9a2765d69468ceb1942fccec5n/a
2025-05-04dl16sh 47d7765b22864eb36cfc4da73192d03a7e2b4ecdd5c33a309cb9b905f768e9f9n/a
2025-05-04dl16sh 92420f545f34ddbcfda20c065d11f7396f0e043e8d4f7cfc45eec3d5ac430830n/a
2025-05-03dl16sh e1e6715225015d3f1bae23ba929d3fab9abde97087fc682802395057635d6c18n/a
2025-05-02dl16sh 7c2a800f2d408619203d985f546b3d7efaa72f0698d54b6dfaf1d58edc07a126n/a
2025-05-02dl16sh 900f8b2edc7ce4e0163f65c8fa2b04b83127ef95ebb39f357be0ab888a1ccf1bn/a
2025-05-02dl16sh fc480ca779b5f93a4d5460860c966ec7bab0a02ebd849eabafa613a16675e42fn/a
2025-04-30dl16sh 185f7699653483ca49a6f6332151894b9a6c6703bf88e696f8b51329da3e097cn/a
2025-04-14dl16sh 9db752b24be20f8fabc05c7c18a01ab24f3be649e3ef1da18ee927f2535b3aa2Virustotal results 19.67%DDoSAgent