URLhaus Database

You are currently viewing the URLhaus database entry for http://103.176.20.59/ppc which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3591776
URL:	http://103.176.20.59/ppc
URL Status:	Offline
Host:	103.176.20.59
Date added:	2025-07-28 20:14:12 UTC
Last online:	2025-08-25 14:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-07-28 20:15:12 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	27 days, 18 hours, 14 minutes (down since 2025-08-25 14:30:08 UTC)
Tags:	censys elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-08-22	n/a	elf	fcf0f57616623cd195b3963aebfcd8439586965a53fbddd7c1437ebfb5a59a25	39.68%	Mirai
2025-08-21	n/a	elf	018216181f91af006d130dc38fdabdd601a78a2b687c0fce0f98d43a26bd5e43	39.06%	Mirai
2025-08-15	n/a	elf	1d1aec5b4a2106fa7d75d6975c7d84d948a452d035f8d0ac74ddd153fa120d8d	n/a	Mirai
2025-08-09	n/a	elf	e24edf7bdf860b92ba8d21e485406031ca459ebdc705d3cde83b5ec1955e9452	n/a	Mirai
2025-08-05	n/a	elf	8d11587fcdc7535e5d945aa76b875d925f8a432a39549b68ff9f486afb2f2445	n/a	Mirai
2025-08-01	n/a	elf	01ea7154a641b90a3ae8e6387c77ae68acb2e71daad47a6dfb034160ed1207f1	n/a	Mirai
2025-07-28	n/a	elf	7efe43d2de2e1ed77ebb6d65c72b1bb8a1798df86b0d6dd6bf2a90c44aa6528e	62.50%	Mirai