URLhaus Database

You are currently viewing the URLhaus database entry for http://ptptonuwu.duckdns.org/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3696645
URL: http://ptptonuwu.duckdns.org/bins/xnxnxnxnxnxnxnxnx86_64xnxn
URL Status:flame Online (spreading malware for 1 month, 28 days, 6 hours, 46 minutes)
Host: ptptonuwu.duckdns.org
Date added:2025-11-05 03:54:08 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Not blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-31 19:40:16 UTC to abuse{at}abusehandler[dot]net)
Tags:botnetdomain elf mirai link opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-01-01n/aelf a6e8a6cba75f2d56dbe947012faaf9a1c148c163c83078434060bbd7e7cf402dn/aMirai
2025-12-31n/aelf 50ae814c637ffdd27b183681d09cc790a2c8f6af661794da06b680113503570bn/aMirai
2025-12-29n/aelf ddae66f2235ec24a1d65c683cfba15ce91576ff51b987085b4a1edaa2543f823n/aMirai
2025-11-25n/aelf 3431a3ea2c40415974bd5a958bbdb768cb2c9d46297fc8c72412dc1304f35cccn/aMirai
2025-11-15n/aelf a8d57354be7bacdb407fd88983437a4347b527c6a29db6bd5ef96f8d02f175afn/aMirai
2025-11-12n/aelf c5a64433d8e8865032a3edd2db818c0e379073c65497e2742ba002f4c6a2315cn/aMirai
2025-11-05n/aelf e6f5d7f66e65b6147e2b9d6bef6b2190d3ea551ecf2027ba6fa9014432e39ebfVirustotal results 13.85%Mirai