URLhaus Database

You are currently viewing the URLhaus database entry for http://31.170.22.205/dl201 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3532985
URL:	http://31.170.22.205/dl201
URL Status:	Online (spreading malware for 1 year, 1 month, 0 days, 8 hours, 12 minutes)
Host:	31.170.22.205
Date added:	2025-05-02 19:01:04 UTC
Threat:	Malware download
Reporter:	cesnet_certs
Abuse complaint sent (?):	Yes (2025-05-02 19:02:08 UTC to abuse{at}nano[dot]lv)
Tags:	DDoSAgent mirai

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-09-22	dl201	sh	1748ecc88d7151843531fcfa01058abd145011f2fcc59e14d9fd0b18e53c4e2f	n/a		Mirai
2025-07-20	dl201	sh	3edcc282706f25748cb78b59ee6e3e460cd96d054522e7fbd573742fc397b14a	n/a		DDoSAgent
2025-05-10	dl201	sh	1a65a69ba1262c380c93d750b6c1a51b6556f3c5e256b1fac188afe173ebaf67	n/a
2025-05-04	dl201	sh	a9298a3d85b5aa118726d9a48b8dd914a522b7da642d417d599ed0dc5e3c44a4	n/a
2025-05-04	dl201	sh	e39cc7f14cd8109ee35c43d86638ec2e45655a02c0b117fd7fa8c96089ed3cc0	n/a
2025-05-04	dl201	sh	155fa2f53fd0dc64df1e268621c500ea14abc78a7386f17518fc4c7dc4cad411	n/a
2025-05-03	dl201	sh	671ebf4fb4a3c33011daf516778e989d18fd098fb49285df69d813c15fb5c622	n/a
2025-05-02	dl201	sh	84f228052f0382afe74b823ad694bc91bb0fdad4bbee8cef2658cf7e94426bec	34.43%