URLhaus Database

You are currently viewing the URLhaus database entry for http://www.b0tnett.duckdns.org/main_mpsl which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3781923
URL: http://www.b0tnett.duckdns.org/main_mpsl
URL Status:Offline
Host: www.b0tnett.duckdns.org
Date added:2026-02-20 16:48:24 UTC
Last online:2026-03-15 03:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Blocked
dns0.eu :Status unknown
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2026-02-20 16:49:21 UTC to irt{at}nic[dot]or[dot]kr)
Takedown time:22 days, 10 hours, 16 minutes Bad (down since 2026-03-15 03:05:32 UTC)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-02-28n/aelf 9093723b95effa744341daa0da44328264bc0088268f20bd0ba85bfc1d792fb4n/aMirai
2026-02-28n/aelf 969ac04fd6f1c44ceb8061883f82fe26faeff196a4e882c8d2f1f097c5d13aden/aMirai
2026-02-27n/aelf 837ad180528c688a9eeb3755a1b292d94bb7bb5cc8743040e651de9f7c486c17n/aMirai
2026-02-27n/aelf 7ee339b6c14a2ec2ae0e18892e8cca216fffdd9bbf1f4701ea144d0efea265c3n/aMirai
2026-02-24n/aelf c30838a9516acf254ba9c49309bf7dc3272ff9c397823b585d24e8002d4551b4n/aMirai
2026-02-23n/aelf 5b31e71ff674c1424e8c16ea5ba01c392294aa332a5cd1b71752175430822217n/aMirai
2026-02-22n/aelf 508a75af865f1a2f7c890009f33390fb149eccbcf4073b0280f17d8990522d1an/aMirai
2026-02-20n/aelf a25aa45b336181fecd64ec06fd727d82f44d1d91f62f9fa3028885c4cc6c7008n/aMirai