URLhaus Database

You are currently viewing the URLhaus database entry for http://160.30.44.120/dwrioej/neon.x86_64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3559974
URL:	http://160.30.44.120/dwrioej/neon.x86_64
URL Status:	Offline
Host:	160.30.44.120
Date added:	2025-06-09 16:00:09 UTC
Last online:	2025-07-09 11:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-06-09 16:01:08 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	29 days, 19 hours, 44 minutes (down since 2025-07-09 11:45:48 UTC)
Tags:	elf mirai opendir ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-06-30	n/a	elf	92a79801513ef6941ab613b53691339d35bda1a353414009bc9a4a75d4e34b66	n/a		Mirai
2025-06-20	n/a	elf	4b9c40b0049d3c9b46ce2578579bbd334bfeb12fe4184baf387a1f3ccb952d2b	n/a		Mirai
2025-06-20	n/a	elf	0749e85bc5e9dd55c48ef5a4d15b16630450663d81087b131c477994161c121c	n/a		Mirai
2025-06-20	n/a	elf	34d705ada75c665494aecd6ffac896940eaf9ddc1c1fe0b0db7c9e0f37d119a2	n/a		Mirai
2025-06-19	n/a	elf	9ba9f2ba8062309049f14f3a3a8ff50b363cf7a1a1a9b5e30a8ec8ca79c62fda	55.38%		Mirai
2025-06-15	n/a	elf	6fdb01658e57d04b2a32ffd64800bed60e9751b979114b8516b9bbed0bccb32b	56.92%		Mirai
2025-06-14	n/a	elf	ed8ce04e9655b15bd0c879db26bbdba636c3bca42d3de9b4882641c8f534e011	n/a		Mirai
2025-06-14	n/a	elf	d98a98328f79918816dfff830bebb6f7d70eec62000ffc529ea94d89e6127dc7	n/a		Mirai
2025-06-10	n/a	elf	80326856be566072ffd98509f60baab38204b77db3b5428dcf7d8f2c69556b73	n/a		Mirai
2025-06-09	n/a	elf	2ea414ae44d82c446d855db05f1a09792954539987b9dc80f43d9f0b4860ea27	43.08%		Mirai