URLhaus Database

You are currently viewing the URLhaus database entry for http://103.176.20.59/gmips which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3591780
URL:	http://103.176.20.59/gmips
URL Status:	Offline
Host:	103.176.20.59
Date added:	2025-07-28 20:14:12 UTC
Last online:	2025-08-25 20:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-07-28 20:15:12 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	27 days, 23 hours, 48 minutes (down since 2025-08-25 20:03:55 UTC)
Tags:	censys elf gafgyt mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-08-22	n/a	elf	1c749f94000e0a025d1a2d232e43ef5e710d7176d8a3f77730b4074ce118587d	25.00%	Mirai
2025-08-21	n/a	elf	9857e1042c9409262b6b56a2d8b4a12d4bf8c1aae37203f1198adf32caee3250	n/a	Gafgyt
2025-08-15	n/a	elf	b58c666499f14bdeb33749e3749e898f1b063cd0f1c2f045608125fdadf1e10d	20.31%	Gafgyt
2025-08-09	n/a	elf	6b6227430254d37dbfc9bd3de3a667024e49b9293cdc160b491e8f84a6e2e843	20.31%	Gafgyt
2025-08-05	n/a	elf	33dc829f7fc3fa88d67a841c180cb8110ada0af9b1dc6cf51594800faf80b61c	n/a	Gafgyt
2025-07-28	n/a	elf	e2918a39a0d36eb746ca4153c00e77e49d2cf8234f55f04324064e4566999218	50.00%	Gafgyt