URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	sostener2024dns.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-04-12 18:48:05 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	60

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-07-24 22:12:43	192.169.69.26	sinkhole.hyas.com	Not listed	AS27323 SERVERSTADIUM	US	no
2025-07-24 10:18:59	178.73.218.5	c-178-73-218-5.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-06-14 18:49:59	46.246.6.4	c-46-246-6-4.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-23 22:18:24	178.73.192.11	c-178-73-192-11.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-23 17:34:13	46.246.86.23	c-46-246-86-23.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-23 11:08:43	46.246.86.22	c-46-246-86-22.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-22 23:33:33	46.246.84.11	c-46-246-84-11.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-05-23 12:07:18	46.246.6.5	c-46-246-6-5.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-18 05:24:31	46.246.4.17	c-46-246-4-17.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no
2025-07-16 23:43:10	46.246.6.12	c-46-246-6-12.ip4.frootvpn.com	Not listed	AS42708 GLESYS	SE	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-04-12 18:48:26	http://sostener2024dns.duckdns.org/sostener.vbs	Offline	opendir RemcosRAT ua-wget vbs xworm	DaveLikesMalwre
2025-04-12 18:48:10	http://sostener2024dns.duckdns.org/incrustado.vbs	Offline	njRAT opendir ua-wget vbs	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-07-02 17:11:18	6849da9fb64c3db1e883aa1a106a03c8e69d3e41d4be8a81bafbdd78f2f311da	txt		njrat
2025-07-02 16:53:00	21aa261a83bd6d2b435ff38d3411c82bc7fa91b82adac99eb5c2153ac34f30e3	txt		XWorm
2025-06-17 17:35:20	0e0195998fe478bbfc06a28706f21ae830f15765995cad680b955baf23eb9b86	txt		njrat
2025-06-16 23:05:20	df0fe5536a69848a22b1b22f424a9bd598adafb30e09101dc98b214e09a1aef2	txt
2025-06-16 22:53:42	a1e7b215e1864b59a808e8b63356eca78629563744d6deced84afd55690877c1	txt		njrat
2025-06-16 20:35:42	c9210bd66226f36779eafb19ea8f2ab3cd0d4ffc9728ae1bdea1b021191d5981	txt
2025-06-16 16:52:30	a3fafd76cc487289ee5d259d046ebbaf82ffa71c13e69f3538aec0a7fca593df	txt		XWorm
2025-06-16 16:40:23	aa26b956edc6d25f5aeff7cd7e9db28c70ea730b03b90246c6dc9f93d6db062b	txt
2025-06-12 15:38:31	dff4319ada078e744497da2f44a594228f2dde3761a0c80ebd5df43e7cc41b85	txt		XWorm
2025-06-11 23:49:45	8b0a8fb7c648e80397067ecd714092d9904c6d8625f67aa1aef2dc864891ab43	txt		RemcosRAT
2025-06-11 22:59:03	73c28224eca789607d77884620425d0fad56ef7591d6cda5f384a49d19beb5c7	txt