URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	gotemburgoxm.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-04-12 18:48:09 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	99

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-27 10:06:08	37.120.153.7		Not listed	AS9009 M247	SE	yes
2025-08-29 17:09:32	46.246.12.9	c-46-246-12-9.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-09-18 09:37:12	45.133.180.154		Not listed	AS9009 M247	BR	no
2025-10-15 02:53:36	46.246.86.13	c-46-246-86-13.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-10-07 16:27:59	46.246.80.14	c-46-246-80-14.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-09-22 22:01:35	178.73.218.10	c-178-73-218-10.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-09-18 21:18:25	178.73.192.13	c-178-73-192-13.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-09-17 15:27:20	46.246.12.5	c-46-246-12-5.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-09-16 20:59:03	188.126.90.10	c-188-126-90-10.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-02 16:27:09	46.246.86.5	c-46-246-86-5.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-04-12 18:48:44	http://gotemburgoxm.duckdns.org/sostener.vbs	Offline	opendir ua-wget vbs xworm	DaveLikesMalwre
2025-04-12 18:48:12	http://gotemburgoxm.duckdns.org/incrustado.vbs	Offline	njRAT opendir ua-wget vbs	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-08-15 12:15:42	fed260507508e3c24632800ee2cd39e9c401cf6f84ebe3467979857cec2dfe9c	txt		njrat
2025-08-14 15:51:57	62e65ddf448f62409bf2b252a1dda1c300de21fb0fff06ab07903360f301c1b5	txt		XWorm
2025-07-02 17:17:47	21aa261a83bd6d2b435ff38d3411c82bc7fa91b82adac99eb5c2153ac34f30e3	txt		XWorm
2025-07-02 16:27:07	6849da9fb64c3db1e883aa1a106a03c8e69d3e41d4be8a81bafbdd78f2f311da	txt		njrat
2025-06-18 16:52:51	df0fe5536a69848a22b1b22f424a9bd598adafb30e09101dc98b214e09a1aef2	txt
2025-06-17 17:26:24	0e0195998fe478bbfc06a28706f21ae830f15765995cad680b955baf23eb9b86	txt		njrat
2025-06-16 22:46:15	a1e7b215e1864b59a808e8b63356eca78629563744d6deced84afd55690877c1	txt		njrat
2025-06-16 16:42:43	aa26b956edc6d25f5aeff7cd7e9db28c70ea730b03b90246c6dc9f93d6db062b	txt
2025-06-11 01:15:36	73c28224eca789607d77884620425d0fad56ef7591d6cda5f384a49d19beb5c7	txt