URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	rtost.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Abuse complaint sent?:	Yes (2025-06-07 21:30:00 UTC to abuse{at}duckdns[dot]org)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-06-07 21:26:06 UTC
Total malware sites :	58
Online malware sites :	2 (3%)
Offline Malware sites :	56 (97%)
Newest active malware site :	2025-08-25 11:25:19 UTC
Oldest active malware site :	2025-08-14 08:51:34 UTC (Age: 9 months, 20 days, 8 hours, 49 minutes)
A record(s) observed :	6

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-08-25 19:26:00	192.169.69.26	sinkhole.hyas.com	Not listed	AS27323 SERVERSTADIUM	US	yes
2025-08-15 11:28:14	162.240.80.146	162-240-80-146.unifiedlayer.com	Not listed	AS46606 UNIFIEDLAYER-AS-1	US	no
2025-08-14 14:12:02	45.134.140.234	unn-45-134-140-234.datapacket.com	Not listed	AS212238 CDNEXT	US	no
2025-06-08 03:18:01	168.100.160.208	168.100.160.208.galaxy.cosmic.global	Not listed	AS26863 GAMESERVERKINGS	US	no
2025-08-09 23:42:19	1.1.1.1	one.one.one.one	Not listed	AS13335 CLOUDFLARENET	n/a	no
2025-07-10 11:07:03	8.8.8.8	dns.google	Not listed	AS15169 GOOGLE	US	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-08-25 11:25:24	http://rtost.duckdns.org/target/handshake.php	Offline		JAMESWT_WT
2025-08-25 11:25:22	http://rtost.duckdns.org/mimicr/winlogon.com	Offline		JAMESWT_WT
2025-08-25 11:25:22	http://rtost.duckdns.org/mimicr/Launcher.exe	Offline		JAMESWT_WT
2025-08-25 11:25:19	http://rtost.duckdns.org/mimicr/WinUpdatehan.exe	Offline		JAMESWT_WT
2025-08-25 11:25:19	http://rtost.duckdns.org/mimicr/WinUpdate2han.exe	Offline		JAMESWT_WT
2025-08-25 11:25:19	http://rtost.duckdns.org/mimicr/mimicr5.7.rar	Offline		JAMESWT_WT
2025-08-25 11:25:19	http://rtost.duckdns.org/mimicr/LogonUi.exe	Offline	CoinMiner	JAMESWT_WT
2025-08-25 11:25:19	http://rtost.duckdns.org/mimicr/Launcherhmd.exe	Offline		JAMESWT_WT
2025-08-25 11:25:18	http://rtost.duckdns.org/mimicr/tokenborkerdll.exe	Offline		JAMESWT_WT
2025-08-25 11:25:17	http://rtost.duckdns.org/mimicr/TokenBorkerCFG.exe	Offline		JAMESWT_WT
2025-08-25 11:25:13	http://rtost.duckdns.org/mimicr/WinUpdatehmd.exe	Offline		JAMESWT_WT
2025-08-25 11:25:12	http://rtost.duckdns.org/mimicr/WinUpdate2hmd.exe	Offline		JAMESWT_WT
2025-08-25 11:25:11	http://rtost.duckdns.org/mimicr/RuntimeBorkerDl...	Offline		JAMESWT_WT
2025-08-25 11:25:11	http://rtost.duckdns.org/mimicr/NEWVER.exe	Offline		JAMESWT_WT
2025-08-25 11:25:11	http://rtost.duckdns.org/mimicr/launcher2hmd.exe	Offline		JAMESWT_WT
2025-08-25 11:25:09	http://rtost.duckdns.org/mimicr/confhan.txtz	Offline		JAMESWT_WT
2025-08-25 11:25:09	http://rtost.duckdns.org/mimicr/WinUpdate	Offline		JAMESWT_WT
2025-08-25 11:25:08	http://rtost.duckdns.org/mimicr/WinUpdateMmr.exe	Offline		JAMESWT_WT
2025-08-25 11:24:20	http://rtost.duckdns.org/mimicr/moi(old).ps1	Offline		JAMESWT_WT
2025-08-25 11:24:16	http://rtost.duckdns.org/mimicr/moi(old).bat	Offline		JAMESWT_WT
2025-08-24 07:47:07	http://rtost.duckdns.org/mimicr/WinUpdate.exe	Offline		JAMESWT_WT
2025-08-14 08:51:36	http://rtost.duckdns.org/mimicr/stel1.exe	Offline		JAMESWT_WT
2025-08-14 08:51:32	http://rtost.duckdns.org/mimicr/Akee.rar	Offline		JAMESWT_WT
2025-08-14 08:51:31	http://rtost.duckdns.org/mimicr/wallet-clean-ch...	Offline		JAMESWT_WT
2025-08-14 08:51:31	http://rtost.duckdns.org/mimicr/Akee.exe	Offline		JAMESWT_WT
2025-08-14 08:51:30	http://rtost.duckdns.org/mimicr/Ak123ee.rar	Offline		JAMESWT_WT
2025-08-14 08:51:28	http://rtost.duckdns.org/mimicr/WinRing0x64.sys	Offline		JAMESWT_WT
2025-08-14 08:51:28	http://rtost.duckdns.org/mimicr/Akee2.exe	Offline		JAMESWT_WT
2025-08-14 08:51:28	http://rtost.duckdns.org/mimicr/Launcherhan.exe	Offline		JAMESWT_WT
2025-08-14 08:51:26	http://rtost.duckdns.org/mimicr/RuntimeBorkerha...	Offline		JAMESWT_WT
2025-08-14 08:51:26	http://rtost.duckdns.org/mimicr/confhmd.txt	Offline		JAMESWT_WT
2025-08-14 08:51:23	http://rtost.duckdns.org/mimicr/moi2.bat	Offline		JAMESWT_WT
2025-08-14 08:51:23	http://rtost.duckdns.org/mimicr/Launcher2han.exe	Offline		JAMESWT_WT
2025-08-14 08:51:22	http://rtost.duckdns.org/mimicr/anyinstall.bat	Offline		JAMESWT_WT
2025-08-14 08:51:21	http://rtost.duckdns.org/mimicr/RuntimeBorker2h...	Offline		JAMESWT_WT
2025-08-14 08:51:20	http://rtost.duckdns.org/mimicr/RuntimeBorkerhm...	Offline		JAMESWT_WT
2025-08-14 08:51:18	http://rtost.duckdns.org/mimicr/moi2han.bat	Offline		JAMESWT_WT
2025-08-14 08:51:17	http://rtost.duckdns.org/mimicr/moishan.ps1	Offline		JAMESWT_WT
2025-08-14 08:51:17	http://rtost.duckdns.org/mimicr/netWork64.exe	Offline		JAMESWT_WT
2025-08-14 08:51:17	http://rtost.duckdns.org/mimicr/AnydeskBackdoor...	Offline	AnyDesk	JAMESWT_WT
2025-08-14 08:51:16	http://rtost.duckdns.org/mimicr/conf2han%20-%20...	Offline		JAMESWT_WT
2025-08-14 08:51:16	http://rtost.duckdns.org/mimicr/onsk.exe	Offline		JAMESWT_WT
2025-08-14 08:51:16	http://rtost.duckdns.org/mimicr/moi%28old%29.bat	Offline		JAMESWT_WT
2025-08-14 08:51:14	http://rtost.duckdns.org/mimicr/Akee.ps1	Offline	DEU geofenced powershell script	JAMESWT_WT
2025-08-14 08:51:14	http://rtost.duckdns.org/mimicr/moi%28old%29.ps1	Offline		JAMESWT_WT
2025-08-14 08:51:13	http://rtost.duckdns.org/mimicr/conf2han.txt	Offline		JAMESWT_WT
2025-08-14 08:51:13	http://rtost.duckdns.org/mimicr/conf2hmd.txt	Offline		JAMESWT_WT
2025-08-14 08:51:12	http://rtost.duckdns.org/mimicr/moi.ps1	Offline		JAMESWT_WT
2025-08-14 08:51:12	http://rtost.duckdns.org/mimicr/ExeFixer.reg	Offline		JAMESWT_WT
2025-08-14 08:51:12	http://rtost.duckdns.org/mimicr/mois.ps1	Offline		JAMESWT_WT
2025-07-12 06:45:24	http://rtost.duckdns.org/mimicr/stel.exe	Offline	exe	abuse_ch
2025-07-12 06:45:20	http://rtost.duckdns.org/mimicr/gcide.exe	Offline	exe	abuse_ch
2025-07-12 06:45:11	http://rtost.duckdns.org/mimicr/clper.exe	Offline	exe	abuse_ch
2025-06-07 21:26:16	http://rtost.duckdns.org/mimicr/moi.exe	Offline	exe	Riordz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-08-25 14:23:40	88f7faa11b036eb9f5083d592201a39609b06cf0335bc4ab370a78bdc3e85830	exe
2025-08-25 13:56:25	4a8e2ca5f5a65c73e3e910d06b5760ab18177e94d0da8f0c7ec22caee404ac87	exe
2025-08-25 11:25:22	4d1e682b22632faafe730584ce724bb60ad384a2b6974fe5f72e9df76b344bbe	exe
2025-08-25 11:25:22	05abec9c66e23791ab1225bf81e829aca5ad215cee739a11d17883b1c20dfd91	exe
2025-08-25 11:25:19	38dcde77f6a4b30bb75395d693cbc1c621d894737a178c1c1a18aa42f95f732e	exe
2025-08-25 11:25:19	735c82b56c6561b6b101ad6dbaf402e462bae4e518df071cd637bb9a8065772f	exe
2025-08-25 11:25:19	914a2432986a94ea4727fadc1e9d216119c09b2628a320108db387849e7bbff4	exe
2025-08-25 11:25:19	72d3433222e9aad5bf48aee72ebb62a5575b066fadea883add2af9e79cbc1977	exe
2025-08-25 11:25:19	e0cffe40c3b4cce567f25ac39b33eefd0dbd3cab701d3c52be21697675950f3b	exe	CoinMiner
2025-08-25 11:25:19	5c681ec3347ba20e9fd1fb16d2d6d0a8249b6e504d9fde7dfac2b0ad4caabf9b	rar
2025-08-25 11:25:18	4d1e682b22632faafe730584ce724bb60ad384a2b6974fe5f72e9df76b344bbe	exe
2025-08-25 11:25:13	88f7faa11b036eb9f5083d592201a39609b06cf0335bc4ab370a78bdc3e85830	exe
2025-08-25 11:25:11	72d3433222e9aad5bf48aee72ebb62a5575b066fadea883add2af9e79cbc1977	exe
2025-08-25 11:25:11	778999ec7de998a62cf77f6b0ac379915e31093c4753c00629bfd51160fb2150	exe
2025-08-25 11:24:20	59d3b03ddb21c222af31e8237623ccc4777b107be7cad9e7e2119bbbaf49a8e3	txt
2025-08-25 11:24:16	ce389d2cc91ef8d9ff8b063404658ed1386d0eabe19150e4d33ae21fb7f6f662	bat
2025-08-23 20:09:46	896f271881e0f602d62ed8f69b960d579c0c5d38e22220e317b4fe2ad104a514	json
2025-08-23 19:28:31	896f271881e0f602d62ed8f69b960d579c0c5d38e22220e317b4fe2ad104a514	json
2025-08-16 21:13:44	59d3b03ddb21c222af31e8237623ccc4777b107be7cad9e7e2119bbbaf49a8e3	txt
2025-08-15 15:58:56	9af2bed13ecae054982d7e3a5d9ebd8c01a15ac4338b37ca0df28c78f27e11e5	txt
2025-08-15 13:40:25	38b0b4df000d5e65d888b24778164fc43ba33e92e92ba716a46be8f1dc59acd6	txt
2025-08-15 13:23:44	25b1d00184d3ea662130a8e1837690b18b45f153dac4df20aa8185edbb7ff2bb	txt
2025-08-15 12:41:14	3c14a50b4c227b98732434c0a3d231d6f7b1e28ef8088ff7fcd87cad7e20bc81	json
2025-08-15 12:18:15	87811f68ec70aba4dab61e6f40d5dd897470ff3152cc34e6fe8dcfa08b94b416	txt
2025-08-14 08:51:36	55b9042319dfc7ab9c7401344c44a41a7a4f56f8893aad8129bb71a69bc98f0a	exe
2025-08-14 08:51:34	1821577409c35b2b9505ac833e246376cc68a8262972100444010b57226f0940	exe
2025-08-14 08:51:32	dd4af79225cdca6df5e6f799a0a51b5d550bafbb317848b0997e0c2015ee5622	rar
2025-08-14 08:51:31	49dcc857bc7ed84f2d3a396696e7ed4cfdd8a2512e05d01b717fb3139e5a45a5	exe
2025-08-14 08:51:31	0bdadbc5f5d6cd6401c2828f50d58c4cb7ca56aad1f26ad85a35cb4aab9a1220	exe
2025-08-14 08:51:31	109b03ffc45231e5a4c8805a10926492890f7b568f8a93abe1fa495b4bd42975	exe	AnyDesk
2025-08-14 08:51:29	2a32f7e01f5e5b3873ad6976b5b87f9093a8ea8e72b7cdae695fdde85f6fc6c8	rar
2025-08-14 08:51:26	5bc957839c9488b18f8e394018461da2ba17718dc6f269d1391e845d4b1bace5	exe
2025-08-14 08:51:26	bdad79dddd27fbf381f0e64b53bee42347fbfc356320749fb852e9ea67a826ff	exe
2025-08-14 08:51:26	46f7b88ae8b06fbe1b1d4ca49d9b1af4811639ceb61096613eb1611186ea9361	exe
2025-08-14 08:51:26	11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5	exe
2025-08-14 08:51:25	ded3e961c5c0bacd4f30f0c91844c1bf6405507d8f20653662de2a059242315e	json
2025-08-14 08:51:23	2e89d5d6b99a6c49b4a2049756c2457b0ba74eecb7888de126c6659d8e78fb86	bat
2025-08-14 08:51:23	974282380c85452918f2d2c241b4bceb6c567981956dd3a5bdab6717430e8ef5	exe
2025-08-14 08:51:22	92cef683c8967ddc0372d1b8ad1266a95815ff4a0d0e77671d94f7ad96e4f1cc	bat
2025-08-14 08:51:21	507c5045dcbfb3bf510bf4b35e63a21a65ae66da6d150e7ac645ccb8c2d1d80c	exe
2025-08-14 08:51:18	2538c9be4ed3126ddc13b5613661da583f0ac11c587704ca2c251b5e98f03d4c	bat
2025-08-14 08:51:18	41ee8f78bc0b6d3421d4503998dabf125fae16c38c3a224047886e419bf544d0	exe
2025-08-14 08:51:18	507c5045dcbfb3bf510bf4b35e63a21a65ae66da6d150e7ac645ccb8c2d1d80c	exe
2025-08-14 08:51:17	6f9d22b46c85dd1b555c71a7e5343057da63778378faffca5775ee34b1e9ae69	txt	AnyDesk
2025-08-14 08:51:17	d38d06c432a351321ee4ec7913a185ebb61fc6aae8a7b892cb9f62cca9be2832	exe
2025-08-14 08:51:16	b5e51df99195ca21b09997003b99410febe3073d08f6214a96dc00ac67a29114	json
2025-08-14 08:51:16	eaa23102326532eee19e51194f00994cf5ad9aedd8e24ea0ef1b2172382badf8	exe
2025-08-14 08:51:16	ce389d2cc91ef8d9ff8b063404658ed1386d0eabe19150e4d33ae21fb7f6f662	bat
2025-08-14 08:51:12	ded3e961c5c0bacd4f30f0c91844c1bf6405507d8f20653662de2a059242315e	json
2025-07-12 06:45:18	0bdadbc5f5d6cd6401c2828f50d58c4cb7ca56aad1f26ad85a35cb4aab9a1220	exe
2025-07-12 06:45:17	2992cfd555b4ecb722302e37b2de53c2f96fe0032a3d948afcf053dc247c55f7	exe
2025-07-12 06:45:11	05e754d46b47c138c77595a4f71af97b8446d157cf6873aa2fab349a7b0c4aec	exe
2025-07-10 11:06:57	7bfca2a80aefdedb07ce74460dd47fee71c4a8dddb7902051a6c21e7e4f292f4	exe
2025-06-07 21:26:10	abf1e20219fbb688ef92d246b6fea0649fa99fcde3b24f05174cbc02da6ce0ab	exe