URLhaus Database

You are currently viewing the URLhaus database entry for http://www.teamc2.duckdns.org/bins/arm6 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3722819
URL:	http://www.teamc2.duckdns.org/bins/arm6
URL Status:	Online (spreading malware for 22 days, 18 hours, 15 minutes)
Host:	www.teamc2.duckdns.org
Date added:	2025-12-02 05:05:22 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (phishing)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-12-02 05:06:17 UTC to report{at}abuseradar[dot]com)
Tags:	botnetdomain elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-12-15	n/a	elf	1f984d0ca8c9f8b92d0f34afd449b540206b6634730e2975b309d494bc682e13	n/a		Mirai
2025-12-13	n/a	elf	e47c3d77ab38f6c34fc4014dcaa0a7b0f78b808b402e81ca5bedea88aca83674	n/a		Mirai
2025-12-13	n/a	elf	a9c5e5e50af14289a1c9ddfeef4abc9f145fc0761bc9faf486c9f8aba76553a9	n/a		Mirai
2025-12-13	n/a	elf	f1379f7365f9e28c2b647901e2f4fbb69f46dbbf2513918bb9a3de79870dd9a7	n/a		Mirai
2025-12-04	n/a	elf	de710fc0189f22aeab0dfd1d23359525fa641aa46ae3b9118408139a3f9388b5	48.33%		Mirai
2025-12-02	n/a	elf	2b00437e90fff82323a0c2be035aad5a98899f9a7fdd644dc00d265178280b82	46.03%		Mirai