URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	sheet.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Abuse complaint sent?:	Yes (2022-09-22 14:55:01 UTC to support{at}duckdns[dot]org)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-09-22 14:52:04 UTC
Total malware sites :	12
Online malware sites :	0 (0%)
Offline Malware sites :	12 (100%)
A record(s) observed :	5

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-27 14:28:25	5.228.80.177	broadband-5-228-80-177.ip.moscow.rt.ru	Not listed	AS42610 NCNET-AS	RU	no
2022-12-15 17:51:17	13.50.4.7	ec2-13-50-4-7.eu-north-1.compute.amazonaws.com	Not listed	AS16509 AMAZON-02	SE	no
2022-10-14 05:57:20	206.189.159.222		Not listed	AS14061 DIGITALOCEAN-ASN	SG	no
2022-10-13 09:22:05	157.245.196.52		Not listed	AS14061 DIGITALOCEAN-ASN	SG	no
2022-09-22 14:52:05	159.223.57.212		Not listed	AS14061 DIGITALOCEAN-ASN	SG	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-09-26 08:04:05	http://sheet.duckdns.org/uproject.exe	Offline	exe	abuse_ch
2022-09-26 08:04:04	http://sheet.duckdns.org/explorer	Offline	exe	abuse_ch
2022-09-26 08:04:04	http://sheet.duckdns.org/Budget.exe	Offline	exe	abuse_ch
2022-09-22 14:53:21	http://sheet.duckdns.org:9000/sheer.exe	Offline	bitrat exe opendir	abuse_ch
2022-09-22 14:53:17	http://sheet.duckdns.org:9000/uproject.exe	Offline	exe opendir	abuse_ch
2022-09-22 14:53:17	http://sheet.duckdns.org:9000/Budgetsheet.exe	Offline	exe opendir RedLineStealer	abuse_ch
2022-09-22 14:53:12	http://sheet.duckdns.org:9000/bind.exe	Offline	exe opendir RedLineStealer	abuse_ch
2022-09-22 14:53:06	http://sheet.duckdns.org:9000/Excelsheet.exe	Offline	AveMariaRAT exe opendir	abuse_ch
2022-09-22 14:53:06	http://sheet.duckdns.org:9000/explorer.exe	Offline	AveMariaRAT exe opendir	abuse_ch
2022-09-22 14:52:32	http://sheet.duckdns.org:9000/sheeter.exe	Offline	bitrat exe opendir	abuse_ch
2022-09-22 14:52:20	http://sheet.duckdns.org:9000/Budget.exe	Offline	bitrat exe opendir	abuse_ch
2022-09-22 14:52:05	http://sheet.duckdns.org/sheeter.exe	Offline	exe	abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-09-22 14:53:21	3bcfe5eeac91dfdb5e391f8f1f7163a731a101978d4f906e6d759f74ed92297c	exe		BitRAT
2022-09-22 14:53:17	dc3b1cd6cc70e681b959bf718ba3a91ac4d5f6c0dfe49fa6ef0f6a7092a5690d	exe
2022-09-22 14:53:17	b64c57f3f83e58764714885b3a0e16a543cfff24ae800ff5dd2540f92b4d46f4	exe		RedLineStealer
2022-09-22 14:53:12	ae8289c86151d81f2c199abfba1cc576550e228d235024cf46b2c6e1b80de8bd	exe		RedLineStealer
2022-09-22 14:53:06	7edfa955033153759fc3f3f8e198e3a675e5376cc2a25031ae4f0df1b66cfd07	exe		AveMariaRAT
2022-09-22 14:53:06	2fb55700d343afcad180486bedddb4ce8a632d11cbbde696d8db7a165543ae90	exe		AveMariaRAT
2022-09-22 14:52:31	b244154eb02dde8424ac1dfc45cf8b1351de4c80c35ccbc338be7425c0a382d7	exe		BitRAT
2022-09-22 14:52:20	bdeab97a1a23c98b3a53d4c7d6c60276597ca67bd80f5d622ccc20b3d703f756	exe		BitRAT