URLhaus Database

You are currently viewing the URLhaus database entry for http://www.savaswsd.duckdns.org/huhu/titanjr.x86_64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3592228
URL:	http://www.savaswsd.duckdns.org/huhu/titanjr.x86_64
URL Status:	Offline
Host:	www.savaswsd.duckdns.org
Date added:	2025-07-29 04:25:57 UTC
Last online:	2025-09-20 21:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-09-20 14:23:10 UTC to abuse{at}cheapy[dot]host)
Takedown time:	1 month, 27 days, 3 hours, 38 minutes (down since 2025-09-24 08:04:47 UTC)
Tags:	botnetdomain elf gafgyt mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-09-20	n/a	elf	a9fe58e41551822b2ea37037f633edaa735b23a8d140516d0b7fb1f6a22b7cbd	29.23%		Mirai
2025-09-13	n/a	elf	ec0dcd6ec7fd6420c651fc2abae4ee2936510c6ab9cda61c16844da3efb2a4d3	9.23%		Gafgyt
2025-09-01	n/a	elf	5a51c0c5f8efff3c898200cbd6cae42a75c49dadec7701b57b1569a59699266e	26.15%		Mirai
2025-08-17	n/a	elf	5f05b883f8d26ee93f4ded11835838e288cf3e7e6d1a48bbe3da6bb74dc0500c	24.62%		Mirai
2025-08-16	n/a	elf	252d951c490157d306147429a26b7ae7ef58a1848f456a37b39792e5c4c3a393	24.62%		Mirai
2025-07-29	n/a	elf	df69228c17299906524b28f47506efa9216c483b4c4d2c76b02373cca46abf32	46.30%		Mirai