URLhaus Database

You are currently viewing the URLhaus database entry for http://mirailoversddos.duckdns.org/Orbt/Orbt.x86_64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3684957
URL:	http://mirailoversddos.duckdns.org/Orbt/Orbt.x86_64
URL Status:	Offline
Host:	mirailoversddos.duckdns.org
Date added:	2025-10-23 17:37:08 UTC
Last online:	2026-01-20 08:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2026-01-18 14:05:16 UTC to report{at}abuseradar[dot]com)
Takedown time:	2 months, 28 days, 14 hours, 30 minutes (down since 2026-01-20 08:08:38 UTC)
Tags:	botnetdomain mirai opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-01-18	n/a	elf	f2e54f748b17e0024edfa2572cc2167b9067dbc5597b7242ad5c7b8bcc414ff9	n/a		Mirai
2025-10-28	n/a	elf	68aa9d2e946a9cd7b886e7b1e3c0e30e3599260a76f8ccd45883748bdd4d43e0	38.46%		Mirai
2025-10-27	n/a	elf	d9076cbc901f444cc357dc26fe5c8e8a2ed7f1164ccd36ef44b49b912ff7f2e1	n/a		Mirai
2025-10-26	n/a	elf	074c628f18145b1bfd1178ef0dd6e1999fec2c6f8bfc6aff9167fa3728d59409	36.92%		Mirai
2025-10-24	n/a	elf	1885f84ae0f15e66936dc1c4c8fbfcc8922edaf24445b4e7b9fe409c44edc2f5	n/a		Mirai
2025-10-23	n/a	elf	2c2a7c1bb15e2427932d810b9359e1fce5cf6800153807ca0d28c7816be12cf8	35.94%		Mirai