URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: jholo.duckdns.org
Domain registrar:Gandi -
Domain registration date:2013-04-12 19:58:56 UTC
Abuse complaint sent?: Yes (2024-12-31 07:40:01 UTC to support{at}duckdns[dot]org)
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
ProtonDNS :Status unknown
OpenBLD :Blocked
DNS4EU :Not blocked
Control D HaGeZi :Not blocked
Firstseen:2024-12-31 07:35:08 UTC
Total malware sites :2
Online malware sites :0 (0%)
Offline Malware sites :2 (100%)
A record(s) observed :13

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2025-07-31 04:33:54 37.119.171.146net-37-119-171-146.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-05-13 12:18:43 2.45.248.130net-2-45-248-130.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-04-13 21:27:00 5.95.41.119net-5-95-41-119.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-03-02 18:02:51 5.89.185.42net-5-89-185-42.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-02-26 12:50:54 5.88.124.112net-5-88-124-112.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-02-21 13:29:36 2.44.186.53net-2-44-186-53.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-01-30 05:35:28 37.183.240.79Not listedAS30722 VODAFONE-IT-ASN- ITno
2025-01-25 18:42:21 37.183.212.114Not listedAS30722 VODAFONE-IT-ASN- ITno
2025-01-17 23:20:02 5.95.238.77net-5-95-238-77.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno
2025-01-12 13:41:02 2.45.248.38net-2-45-248-38.cust.vodafonedsl.itNot listedAS30722 VODAFONE-IT-ASN- ITno

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2024-12-31 07:35:29http://jholo.duckdns.org:8181/PASSWORDRECOVERY6...OfflineDarkVisionRAT lontze7
2024-12-31 07:35:14http://jholo.duckdns.org:8181/upload.phpOffline lontze7

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2024-12-31 07:35:2898e9562d0d6914509132a5b8895ab6686798e10e56fe3347f75155d48f3e8d6cexe