URLhaus Database

You are currently viewing the URLhaus database entry for http://www.b0tnett.duckdns.org/main_sh4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3781930
URL: http://www.b0tnett.duckdns.org/main_sh4
URL Status:Offline
Host: www.b0tnett.duckdns.org
Date added:2026-02-20 16:48:27 UTC
Last online:2026-03-15 01:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Blocked
dns0.eu :Status unknown
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2026-02-20 16:49:21 UTC to irt{at}nic[dot]or[dot]kr)
Takedown time:22 days, 8 hours, 38 minutes Bad (down since 2026-03-15 01:28:19 UTC)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-02-28n/aelf 76b05b1a1afd7de61c4b9be7c02c3f6515e4aba0f59269416a670e06fc9d709en/aMirai
2026-02-28n/aelf 194420d0393124ffc9586eaabcbe8dc643a9fe25b2db67b971fb5c01dc14689bn/aMirai
2026-02-27n/aelf fa6596f9f49becc7d33d43ffebb63ea856bebfd4b9cc0551361bf364f94296fbn/aMirai
2026-02-24n/aelf 0a1974f2a8ce22fa40748271a1c9d8108dda5dfb5e755e40f12fe6c315ac7038n/aMirai
2026-02-23n/aelf 765b06d48da8554cdd725bc6a1649a19ff741668a5e0846b7eaccf5877c6eab4n/aMirai
2026-02-22n/aelf fb3e21c2bb40cd81b51934ab4877b02815ad0546eb82d936d529ec7ba1330a09n/aMirai
2026-02-20n/aelf 3d2496c34de57669670070825b43cfec24eff1ab5c8c2803c057c538d916023cn/aMirai