URLhaus Database

You are currently viewing the URLhaus database entry for http://mirailoversddos.duckdns.org/Orbt/Orbt.ppc which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3684965
URL:	http://mirailoversddos.duckdns.org/Orbt/Orbt.ppc
URL Status:	Offline
Host:	mirailoversddos.duckdns.org
Date added:	2025-10-23 17:37:09 UTC
Last online:	2026-01-20 07:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Not blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2026-01-20 01:46:10 UTC to report{at}abuseradar[dot]com)
Takedown time:	2 months, 28 days, 14 hours, 6 minutes (down since 2026-01-20 07:45:11 UTC)
Tags:	botnetdomain gafgyt mirai opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-01-20	Orbt.ppc	elf	dbb09d56167cb2530f9e8b21eae90fb264918e9d6396e1fe5bada16b8cb4d135	n/a		Mirai
2025-10-28	Orbt.ppc	elf	2541e7c6889f9f3322ac0a8eda7f15f46b8c4f8d742953235d8818a41245e62b	n/a		Gafgyt
2025-10-27	Orbt.ppc	elf	559374f73405dc5bfd302f53f833e9ad7b9a77e64369af3b52ea9c22770064e9	n/a		Gafgyt
2025-10-26	Orbt.ppc	elf	ff35ec93488c408f30af4c15a0d606ca6b1794452c477dbb8a607b33ea85e9ab	40.00%		Mirai
2025-10-24	Orbt.ppc	elf	f3fc4707dac94d9bd86324d1a4b1d020b4a68112b7cd1df5e860a8c6e7abe48f	n/a		Mirai
2025-10-23	Orbt.ppc	elf	e27d161776faa154a67d52e51c47e84dcb1fbdfb577cc412b9e84712957e04d3	n/a		Mirai