URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	husktools.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Abuse complaint sent?:	Yes (2024-11-05 13:20:02 UTC to support{at}duckdns[dot]org)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-11-05 13:19:11 UTC
Total malware sites :	4
Online malware sites :	0 (0%)
Offline Malware sites :	4 (100%)
A record(s) observed :	9

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-11-14 15:42:30	87.121.86.126		Not listed	AS209693 OC-NETWORK	EE	no
2024-11-21 02:55:03	185.195.19.214	mluei-214.bametar.com	Not listed	AS9009 M247	RO	no
2024-11-21 11:40:05	185.195.19.213	mluei-213.bametar.com	Not listed	AS9009 M247	RO	no
2024-11-21 04:37:38	185.195.19.212	mluei-212.bametar.com	Not listed	AS9009 M247	RO	no
2024-11-14 19:06:02	185.195.19.194	mluei-194.bametar.com	Not listed	AS9009 M247	RO	no
2024-11-19 00:39:58	185.195.19.195	mluei-195.bametar.com	Not listed	AS9009 M247	RO	no
2024-11-14 18:21:37	185.195.19.196	mluei-196.bametar.com	Not listed	AS9009 M247	RO	no
2024-11-15 10:02:31	45.89.175.86		Not listed	AS9009 M247	RO	no
2024-11-05 13:19:25	31.13.224.189		Not listed	AS151612 HOSTPERL-AS-AP	NZ	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-11-08 19:43:06	http://husktools.duckdns.org/joined.exe	Offline	32 exe xworm	zbetcheckin
2024-11-08 18:10:10	http://husktools.duckdns.org/worm.exe	Offline	AsyncRAT	Bitsight
2024-11-07 04:47:07	http://husktools.duckdns.org/lum.exe	Offline	32 exe LummaStealer	zbetcheckin
2024-11-05 13:19:25	http://husktools.duckdns.org/xwo.exe	Offline	xworm	Bitsight

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-11-08 19:43:06	7245244c75276269f56cce5f81194681a881d4746a7abec6807f28a19b04ba66	exe		XWorm
2024-11-08 18:10:10	a1c97fe85170fd6acd766d965f1931e32692ffa92db222492fd24b4421b126c9	exe		AsyncRAT
2024-11-07 04:47:06	77f6caa506303dbdcf644380adf5cb01b122f6f5efa3a54d7492754075243e2b	exe		LummaStealer
2024-11-05 13:19:20	a22f6db007744f7768782280e66832487b3b193ff20825203bb56210b7c4e923	exe		XWorm