URLhaus Database

You are currently viewing the URLhaus database entry for http://ptptonuwu.duckdns.org/bins/xnxnxnxnxnxnxnxnmipsxnxn which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3696649
URL:	http://ptptonuwu.duckdns.org/bins/xnxnxnxnxnxnxnxnmipsxnxn
URL Status:	Online (spreading malware for 1 month, 28 days, 8 hours, 28 minutes)
Host:	ptptonuwu.duckdns.org
Date added:	2025-11-05 03:54:13 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (botnet C&C)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-12-31 18:14:10 UTC to abuse{at}virtualine[dot]org)
Tags:	botnetdomain elf mirai opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-01-01	n/a	elf	344bf6641f112d9ad20b21d0199f70e355a019843cda4038e651ce34be11ff46	n/a		Mirai
2025-12-31	n/a	elf	a0c072c5c3dee6d5b1b48815d6a8e1ed34d447c98e6ec344e6cbed193179adfe	n/a		Mirai
2025-12-29	n/a	elf	e1cfdd461d310ea6e9b2ee5c06cf774c474156d2611283845bb6de52bcfc4896	n/a		Mirai
2025-11-25	n/a	elf	a26425304033bc85f9edb81f75f4a1799d69b8f1b1b8f4fdc2ee5cef6e8a378d	n/a		Mirai
2025-11-15	n/a	elf	b45801d1c9bb5d31913f3c6d1bd83db4412014dd13b9f2e81719422e1d1b9ec1	n/a		Mirai
2025-11-12	n/a	elf	cbada6601d85cec73726566a544b3a9d9ad619d7b8c768123737115bbddf8afc	n/a		Mirai
2025-11-05	n/a	elf	23e8188ff6a5422aa9a12a008406d166d10ceb6f5db08183acbd65a6898d3e7e	17.19%		Mirai