URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	androidmedallo.duckdns.org
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2021-07-21 08:21:05 UTC
Total malware sites :	10
Online malware sites :	0 (0%)
Offline Malware sites :	10 (100%)
A record(s) observed :	168

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 15:34:45	192.169.69.26	sinkhole.hyas.com	Not listed	AS27323 SERVERSTADIUM	US	yes
2022-05-31 00:39:04	46.246.12.21	c-46-246-12-21.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2021-09-20 13:53:15	46.246.26.12	c-46-246-26-12.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-12-31 16:41:56	46.246.84.2	c-46-246-84-2.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-01-26 08:33:55	46.246.84.18	c-46-246-84-18.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2021-08-08 21:04:44	46.246.84.8	c-46-246-84-8.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2021-08-05 16:05:52	46.246.80.12	c-46-246-80-12.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-12-22 17:39:59	46.246.80.17	c-46-246-80-17.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2022-01-24 16:53:10	46.246.82.19	c-46-246-82-19.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2021-10-06 12:54:13	46.246.4.2	c-46-246-4-2.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2021-07-21 08:28:46	http://androidmedallo.duckdns.org/Claro%20Secur...	Offline		JAMESWT_MHT
2021-07-21 08:21:56	http://androidmedallo.duckdns.org/Claro%20Secur...	Offline		JAMESWT_MHT
2021-07-21 08:21:41	http://androidmedallo.duckdns.org/cgdifn.msi	Offline		JAMESWT_MHT
2021-07-21 08:21:37	http://androidmedallo.duckdns.org/CGDIFN.exe	Offline	LodaRAT	JAMESWT_MHT
2021-07-21 08:21:31	http://androidmedallo.duckdns.org/Corona%20App.apk	Offline		JAMESWT_MHT
2021-07-21 08:21:21	http://androidmedallo.duckdns.org/Win%20defende...	Offline	njRAT	JAMESWT_MHT
2021-07-21 08:21:16	http://androidmedallo.duckdns.org/Winserver.exe	Offline	njRAT	JAMESWT_MHT
2021-07-21 08:21:14	http://androidmedallo.duckdns.org/done.exe	Offline	njRAT	JAMESWT_MHT
2021-07-21 08:21:10	http://androidmedallo.duckdns.org/YJHLZX.py	Offline		JAMESWT_MHT
2021-07-21 08:21:08	http://androidmedallo.duckdns.org/Winver.exe	Offline	njRAT	JAMESWT_MHT

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2021-10-07 13:32:09	bce1cfbca7748bc0ff26b042668feddb6f4db2f44e10637b781cfe2394ff6414	exe
2021-10-02 00:18:34	bd5fa7ccde2dbc145685b36d66c3c6161e7e780308bd6ec29666139908e7db26	exe	njrat
2021-09-15 16:25:39	51324ce0d6bc7c8668dea9b0bcc31048038723480ca16be17e6234a7cc88c391	exe	njrat
2021-08-26 20:56:07	ff409e50aa3473d308b7e5d6fbcb9369a7811f7d0f6700b7f1494834db9450d9	zip
2021-07-30 22:34:24	d2e347f7ecbcb94a4fe2e0ea86f92d0f60321be94441265b97f0e0b212c0efbc	exe	njrat
2021-07-29 20:32:32	989a832dd6395528e5373e6fd04432a48843c299b53e8aade6142a6fee6dec94	exe	njrat
2021-07-21 08:28:46	1d3351293492090c589ad39ec03fc265f44d96fa45d5bd451a446d311ad5a18a	zip
2021-07-21 08:21:55	e1b46d3d5cb232880efd189482c49882178db717994d3f3663dfe4eca843bfa0	zip
2021-07-21 08:21:41	d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d	msi
2021-07-21 08:21:37	79d3666b7a0fa6f7497eb4675b1ca9c550f8cdbf932f4410f1b8feb8d1e31d49	exe	LodaRAT
2021-07-21 08:21:31	d6cf06cd34f50317131591268d23ef266c01bf3f758893568f10204825cc3369	unknown
2021-07-21 08:21:21	319b6b852006b89fe1aca8715cd3720e9a15ca2176ea256b9fd93557130d4e79	exe	njrat
2021-07-21 08:21:16	a96ae0b647e51ed4a6ee91306db79ec60d4f4c34b341391f7e806e7726744cf9	exe	njrat
2021-07-21 08:21:14	3582b41cef347b9aab950ae01a42ecf76d9d13b1b1a4601fc03bc3ee4535fa4f	exe	njrat
2021-07-21 08:21:10	c91814a20e581ed58e22d44f441c195d471657ff36e97a4934abe9c603c16dfa	unknown
2021-07-21 08:21:08	4f0e5aa77c0e9894c311e8ba4daadeeb5d8b7a6f583cf087a5c90547cfe54708	exe	njrat