URLhaus Database

You are currently viewing the URLhaus database entry for http://160.30.44.120/neon.armv6l which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3561580
URL:	http://160.30.44.120/neon.armv6l
URL Status:	Offline
Host:	160.30.44.120
Date added:	2025-06-12 16:48:33 UTC
Last online:	2025-07-09 11:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-06-15 17:02:11 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	23 days, 18 hours, 38 minutes (down since 2025-07-09 11:40:48 UTC)
Tags:	censys elf mirai opendir ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-06-30	n/a	elf	c0203d4a204525281f9f39bbfb62946d8162852000256dbf45629bcd2cf50c3b	53.12%		Mirai
2025-06-20	n/a	elf	b9b6ed59577bb0b00ba14762422ba09a9c5e236af380b6ac2da1f061b92ddc54	53.12%		Mirai
2025-06-20	n/a	elf	8e2fb55e8c895d7fd32321b9cc6636a97c5e5bda353fc526f6186980d47d0477	53.97%		Mirai
2025-06-20	n/a	elf	cee3cc5c5899465ebf19506e4a5fa66118741eeb8e1ca31601a7d1f3278845b1	53.12%		Mirai
2025-06-20	n/a	elf	23644c0fe6cb3c3d4c76218d44b5d344b176cb8c9a56de325bf35b9774fc9632	n/a		Mirai
2025-06-19	n/a	elf	4baf8b1879443a0e766ec774a81cfa24ab9fc02ac4f1706ad25be0419a6db22e	55.56%		Mirai
2025-06-15	n/a	elf	33c2e63ae8e3697a73b53ba41dfeb64aef5f3fdaf47c7b3b8209881f94a4bc64	54.69%		Mirai