URLhaus Database

You are currently viewing the URLhaus database entry for http://mirailoversddos.duckdns.org/Orbt/Orbt.sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3684994
URL:	http://mirailoversddos.duckdns.org/Orbt/Orbt.sh4
URL Status:	Offline
Host:	mirailoversddos.duckdns.org
Date added:	2025-10-23 17:52:19 UTC
Last online:	2026-01-20 08:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Not blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	DaveLikesMalwre
Abuse complaint sent (?):	Yes (2026-01-19 07:37:12 UTC to report{at}abuseradar[dot]com)
Takedown time:	2 months, 28 days, 14 hours, 44 minutes (down since 2026-01-20 08:37:19 UTC)
Tags:	botnetdomain mirai opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-01-19	n/a	elf	ce2f74c1f6ebc282c5f6d8f08cfbbf9e7f77c657dc240a95b8c66bed021ee467	n/a		Mirai
2025-10-28	n/a	elf	6989188b3846b5e5cadae585e17bf98bf234a8ade6a0ee7326f2a77c4069c1aa	n/a		Mirai
2025-10-28	n/a	elf	0018c3a0ebe07eafddadceb7fef8fe50ce6a468fc22df79f7d586d0c96b82499	54.69%		Mirai
2025-10-26	n/a	elf	de2a6f53dec7a04bce34e364e60245593125d354afbb238232408026f31ab91d	47.69%		Mirai
2025-10-24	n/a	elf	9c09e17f94554c992940d886d214c8c4a25451aada335f2d374f0706f963c117	50.77%		Mirai
2025-10-23	n/a	elf	09af2f4915907e1cd9b5dab6cb843cb9eff20bc35bd874d186b4ffd882c291f1	n/a		Mirai