URLhaus Database

You are currently viewing the URLhaus database entry for http://b0tnett.duckdns.org/main_arm7 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3781913
URL: http://b0tnett.duckdns.org/main_arm7
URL Status:Offline
Host: b0tnett.duckdns.org
Date added:2026-02-20 16:48:22 UTC
Last online:2026-03-15 02:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Blocked
dns0.eu :Status unknown
ProtonDNS :Not blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2026-02-20 16:49:20 UTC to irt{at}nic[dot]or[dot]kr)
Takedown time:22 days, 9 hours, 58 minutes Bad (down since 2026-03-15 02:47:27 UTC)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-02-28n/aelf 01b064d7885a173901721afbfa805c4677a0c8326c2be1a3e4e1eaefecb5ddacn/aMirai
2026-02-28n/aelf 6bba94ed6f459d480ddb5ccf6862465dbdc4a35c7ea31bf66b3e6074d06fbbb0n/aMirai
2026-02-27n/aelf f19a5e21890fd7c9cd91c023419507310c675e6b74d15417d52b805c1368ccc3n/aMirai
2026-02-24n/aelf d4040fa8647b5b90e1d3bfbdd35b2dfa15c55df6bd31aa6b23dac22f22fcaca6n/aMirai
2026-02-23n/aelf 91f9e1a24ea700822b660eee81789c7811256f5e7e8d0fb866a29dd7ec680702n/aMirai
2026-02-22n/aelf 9980df3ab1d38c47d472617a993ab1757a649ea0c3a28a7f97551711bedc8f3fn/aMirai
2026-02-20n/aelf 4f1dab6e6a2807904f784d743a5db4000295be99b2bc3d880b8e39433be3f5d9n/aMirai