URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host: rem0925.duckdns.org
Domain registrar:Gandi -
Domain registration date:2013-04-12 19:58:56 UTC
Abuse complaint sent?: Yes (2025-09-08 14:54:01 UTC to abuse{at}duckdns[dot]org)
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Status unknown
AdGuard :Status unknown
Cloudflare :Blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Control D HaGeZi :Not blocked
Firstseen:2025-09-08 14:53:07 UTC
Total malware sites :8
Online malware sites :0 (0%)
Offline Malware sites :8 (100%)
A record(s) observed :13

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2025-11-22 02:42:52 186.169.89.42Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-11-13 17:53:50 186.169.67.93Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-10-30 23:50:24 186.169.69.76Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-10-14 15:39:41 186.169.46.112Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-10-06 14:17:04 186.169.76.187Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-10-04 02:41:36 186.169.89.1Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-10-02 14:51:59 190.255.89.251Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-09-30 15:58:07 190.255.90.124Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-09-22 15:21:34 186.169.60.81Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno
2025-09-19 15:54:03 186.169.69.39Not listedAS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC- COno

Malware URLs

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2025-10-04 02:47:14http://rem0925.duckdns.org/dllchichi.txtOfflinebase64-loader opendir Riordz
2025-10-04 02:47:08http://rem0925.duckdns.org/pchichi.txtOfflineopendir rev-base64-loader Riordz
2025-09-08 14:53:26http://rem0925.duckdns.org/1septiembre.vbsOfflineua-wget BlinkzSec
2025-09-08 14:53:22http://rem0925.duckdns.org/x31agosto.vbsOfflineua-wget xworm BlinkzSec
2025-09-08 14:53:22http://rem0925.duckdns.org/andre.vbsOfflineRemcosRAT ext ua-wget BlinkzSec
2025-09-08 14:53:18http://rem0925.duckdns.org/31agosto.vbsOfflineRemcosRAT ext ua-wget BlinkzSec
2025-09-08 14:53:17http://rem0925.duckdns.org/sostener.vbsOfflineRemcosRAT ext ua-wget BlinkzSec
2025-09-08 14:53:16http://rem0925.duckdns.org/2septiembre.vbsOfflineua-wget BlinkzSec

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2025-11-23 19:52:1137fa5a4fd4cc772735a96fef23037e24c503ff7857858c80e68ff28d5c77ad79txt RemcosRAT
2025-11-20 15:20:456a724eb42d810bdcd5ae0ff16c4816072ff5fd54bb4e45e036c10c0e070a4664txt RemcosRAT
2025-11-20 06:43:396a724eb42d810bdcd5ae0ff16c4816072ff5fd54bb4e45e036c10c0e070a4664txt RemcosRAT
2025-11-19 18:48:13073e4daf286173372555f2c0525977bb8164febab473bdb3b29add90c2667acbtxtRemcosRAT
2025-11-12 17:32:0707ff969de6708f67279704fffc22e4f903befdf92fb7e12b9a14489b18838ff4txt  
2025-11-12 17:31:4107ff969de6708f67279704fffc22e4f903befdf92fb7e12b9a14489b18838ff4txt  
2025-11-11 00:47:21cb0ec11df5fb97d727bea30c9d207c70cb6508e3159b2a9d9dad062d39d78750txt  
2025-11-07 08:24:36613eeafd890461b83c122f46212263b2698413aacd117a07916883bff710d4d8txt RemcosRAT
2025-11-06 20:04:32613eeafd890461b83c122f46212263b2698413aacd117a07916883bff710d4d8txt RemcosRAT
2025-11-06 05:17:25e2ae3121af3fd9874ba17612b0c012ca1962dfd918cc1d479384dad7bf469c64txt RemcosRAT
2025-11-05 17:47:30cdf18dce59da13a347c6d2d60a0bf6190228b46e595863308769a1cb34ca5fd0txt RemcosRAT
2025-11-01 00:19:5571fc5b649c4ca8ada3d1b6cfdcc52337504238fcc4a705d967f6a4e54b49d4d5txt  
2025-10-29 18:20:2009106cfe70aef62ac9c44088a6f3522fb9fa3868e5a2bdc331c4fb0b5bf84e4etxt  
2025-10-27 22:17:59859de7f0b61c2ce5e61b9737583fb72a80b0219c13c200a2d0de3e0da7f38307txtRemcosRAT
2025-10-27 18:38:562612e4114bd164430b644d83bfc3f3ad50b160a245af5c9e30d5f96de84c8ff2txt RemcosRAT
2025-10-27 17:30:33f49e6e84c10ffdd05fcd7f49c6616f25f9385710009bc3dab7cc35bb212676d0txt RemcosRAT
2025-10-27 17:13:35f49e6e84c10ffdd05fcd7f49c6616f25f9385710009bc3dab7cc35bb212676d0txt RemcosRAT
2025-10-24 23:09:1429258ce3918dd64f9c36bcec4d356f3b3c7b58b90141d8b14d35d94c42d79be4txt RemcosRAT
2025-10-24 03:49:2579cb8e37238bd08ef54dd85c868a7b7b5062d3275820a9b541ac5219e2f78ccbtxt RemcosRAT
2025-10-23 11:06:54c884f32c87fc6ad239d98d00c37a8eb1cad4a38abb2d7e7bc6575339b7ba01datxt 
2025-10-23 06:30:087b7471de1ffb467bcabc40ed0d2bf08f0a255bb3c0f4f2e7babf0540d7ed99f5txt 
2025-10-18 17:23:47975ff4a35f09c1ad65fa8160461bcd679ef2ad921120ef1f11d9e5571ef414c5txt  
2025-10-18 16:58:35b835e4e06da50e5f51090c7a7e942d77c0b0f72a2e4ec73adb1c4f92e0de9955txt RemcosRAT
2025-10-18 09:39:25975ff4a35f09c1ad65fa8160461bcd679ef2ad921120ef1f11d9e5571ef414c5txt  
2025-10-08 21:53:52540ec378cbd516ca43ee050f1cde867abee50480e3b33bb216af9dd4b98cf1f4txt RemcosRAT
2025-10-04 02:47:143c803751fb9d3b5c1a692674832792ab921752b389f7cf2015097a001194d981txt  
2025-10-04 02:47:075c53700dd0af623314c44fb4d22e250766bd3f57ad86be0c15f2536c44339c5dtxt  
2025-09-26 08:08:227aab9283bc3a6e6bdf97fa60443aa9f9a7555ab11f1d284e37506bc0f7fb63fbtxt  
2025-09-26 06:28:097aab9283bc3a6e6bdf97fa60443aa9f9a7555ab11f1d284e37506bc0f7fb63fbtxt  
2025-09-23 21:33:24029a67953833635a2dd1ce8b836d312737ad032b4068e5c7417192544f336c60txtRemcosRAT
2025-09-21 09:13:4547e114233db43a7fe2a41d141e30b838ba103ff13c3f6173c92b287c90317ad8txt  
2025-09-19 21:43:398a16ca84f43f9b9830f8fbd05b931d0c858e1158a5a1b8511d3b9a4c982217c1txt  
2025-09-19 14:20:06fc16aa2bb6ca67bff10d49a775a41a2e7aaa85d35581fd664042216acf722ab6txt  
2025-09-19 14:12:38c0be33068b69f05dec7c85ba41b9ed08ae5e665213a61bb2022cafb9885873a5txtXWorm
2025-09-19 04:01:15b62793039aad5767efff78f417b229fa730babc94cc3a77dd20eabc21d3913aftxt 
2025-09-14 04:03:45c62e04f87c433c259d9dbcafecbc70a782ff4fbefd62d270239d7998363262fctxtRemcosRAT
2025-09-14 03:30:09b845f07952a9e0ba15c8e3e3098c9a0f5bc28cf9449e31040289cc5e63f58595txtRemcosRAT
2025-09-14 03:22:13b845f07952a9e0ba15c8e3e3098c9a0f5bc28cf9449e31040289cc5e63f58595txtRemcosRAT
2025-09-08 20:26:5781cba3ab21f314ede7cc74a6da6a78342a513c5a7b9f51ed52a02d999970b63ftxt  
2025-09-08 14:53:20b8aae9a506fea0ae59c1bab1d46ad400597a741c5c009a20e13ac4e0c55fac0etxtRemcosRAT
2025-09-08 14:53:17b8aae9a506fea0ae59c1bab1d46ad400597a741c5c009a20e13ac4e0c55fac0etxtRemcosRAT