URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	respaldo2.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Abuse complaint sent?:	Yes (2025-10-05 23:22:02 UTC to abuse{at}duckdns[dot]org)
Spamhaus DBL :	Abused domain (malware)
SURBL :	Blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-12-17 08:41:04 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)
A record(s) observed :	8

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-03 14:51:40	158.94.209.243		SBL686264	AS214943 RAILNET	NL	yes
2025-08-25 11:46:27	213.136.83.185	m31185.contaboserver.net	Not listed	AS51167 CONTABO	FR	no
2025-08-26 16:23:11	94.26.90.120		SBL676377	AS207043 DEDIK-IO	DE	no
2025-08-13 21:40:47	213.136.81.72	m30072.contaboserver.net	Not listed	AS51167 CONTABO	FR	no
2025-06-16 23:36:44	45.82.251.235	server.835	Not listed	AS209847 THE	CY	no
2025-05-28 01:55:33	95.111.242.255		Not listed	AS51167 CONTABO	FR	no
2024-12-17 08:41:13	209.105.248.135		Not listed	AS13354 ZC38-AS1	US	no
2025-03-18 17:52:05	213.199.55.238	m27238.contaboserver.net	Not listed	AS51167 CONTABO	FR	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-10-05 23:21:28	http://respaldo2.duckdns.org/scvhost.vbs	Offline	duckdns opendir remcos RemcosRAT	Riordz
2025-10-05 23:21:10	http://respaldo2.duckdns.org/proceso.vbs	Offline	duckdns opendir remcos RemcosRAT	Riordz
2025-04-12 18:48:20	http://respaldo2.duckdns.org/sostener1.vbs	Offline	opendir ua-wget vbs	DaveLikesMalwre
2025-04-12 18:48:14	http://respaldo2.duckdns.org/svchost.vbs	Offline	AsyncRAT opendir ua-wget vbs	DaveLikesMalwre
2024-12-17 08:41:13	http://respaldo2.duckdns.org/sostener.vbs	Offline	AsyncRAT	abus3reports

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-11-20 16:49:04	89d74e1cc49c526f2b8cb961132e8bea0d5cb79605154f1baec82611e4d78073	txt
2025-11-01 09:07:32	b4644f9aee58b5d8a2dd347c7b424e384944df1f0874422cfde9031f8ace7cd5	txt
2025-10-23 23:43:25	dd70d4106356e00a77d16b7703480738b04ce834e025dbbcc9e2ea189978d27e	txt		AsyncRAT
2025-10-09 17:14:22	4d4f578af42251be04bab23cf5bdbc5c1783dc6a1e17f34708f19b7973a4cd09	txt		AsyncRAT
2025-10-08 16:02:59	9066ce1e54712b37d97f0f5fbb9862e062dedb37ebbcdcff22a23fd056b0b243	txt		RemcosRAT
2025-10-07 22:18:14	fdda094c58d9911d5a8e151ba237d77d4f0c920998b80da150d2f8d58996cd8f	txt		RemcosRAT
2025-10-07 21:52:05	2e993a9fcd092234c91b87774180866d23718a396a5867b3b355b7214c429a54	txt		AsyncRAT
2025-10-06 14:36:14	45d7217d9750ae5e186caa325d66c15db7da42835555b11f5f7b1fd6190452a7	txt		RemcosRAT
2025-10-06 14:23:48	3030605201850595dc0cec5af841299b5bac0af2140bf8ed116154937200f537	txt		AsyncRAT
2025-10-05 23:21:28	7033ea0521821a741c520449a2d025f313f2b776b6bf8afe9c9c88d97ae2b8d1	txt		RemcosRAT
2025-10-05 23:21:09	94212177445ae515a0c60e69c5db6da8bfbb2f0ec00541d34eaa09329b2cd394	txt		RemcosRAT
2025-08-27 13:43:24	7c0c2ca1538238830d42e0df6889189c3c57960b6f5f8f349c4fa5232303d85e	txt		AsyncRAT
2025-08-27 13:43:06	4298a440b5c36d8760418114e3278378b167b8d09267640ffda81f082041789d	txt		AsyncRAT