URLhaus Database

You are currently viewing the URLhaus database entry for http://mirailoversddos.duckdns.org/Orbt/Orbt.mips which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3684970
URL:	http://mirailoversddos.duckdns.org/Orbt/Orbt.mips
URL Status:	Offline
Host:	mirailoversddos.duckdns.org
Date added:	2025-10-23 17:37:17 UTC
Last online:	2026-01-20 08:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Not blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2026-01-18 18:44:10 UTC to report{at}abuseradar[dot]com)
Takedown time:	2 months, 28 days, 14 hours, 58 minutes (down since 2026-01-20 08:36:49 UTC)
Tags:	botnetdomain gafgyt mirai opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-01-18	Orbt.mips	elf	9c13c8b7bbf47fa6be4edc900ad7166e85e126376870eb872d017eb4f1d71cae	n/a		Gafgyt
2025-10-28	Orbt.mips	elf	74b0536ba2de49f1989592c085010eb3400aa33b4a4b85424e320fb74d143d82	n/a		Mirai
2025-10-26	Orbt.mips	elf	ddc8a3d0a9c5f1384376e3cf576fbb51c4111872c4f0f35eef07eca9d53d19d3	46.15%		Mirai
2025-10-24	Orbt.mips	elf	37feacb2f37261ce205d7abd4350c15389db51aff36964a63cab72fd291a1f48	n/a		Mirai
2025-10-23	Orbt.mips	elf	1be687db16ba873766dd9393bb56a693e8c3cc78464117ae87e8d234301d4efd	35.94%		Mirai