URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	xworm0106.duckdns.org
Domain registrar:	Gandi
Domain registration date:	2013-04-12 19:58:56 UTC
Abuse complaint sent?:	Yes (2025-10-04 02:48:02 UTC to abuse{at}duckdns[dot]org)
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
ProtonDNS :	Not blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2025-10-04 02:47:05 UTC
Total malware sites :	5
Online malware sites :	0 (0%)
Offline Malware sites :	5 (100%)
A record(s) observed :	3

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-14 15:30:36	186.169.46.112		Not listed	AS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC	CO	yes
2025-10-06 15:11:12	186.169.76.187		Not listed	AS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC	CO	no
2025-10-04 02:47:08	186.169.89.1		Not listed	AS3816 COLOMBIA_TELECOMUNICACIONES_S.A._ESP_BIC	CO	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-10-04 02:47:22	http://xworm0106.duckdns.org/andre.vbs	Offline	opendir RemcosRAT	Riordz
2025-10-04 02:47:14	http://xworm0106.duckdns.org/dllchichi.txt	Offline	base64-loader opendir	Riordz
2025-10-04 02:47:13	http://xworm0106.duckdns.org/31agosto.vbs	Offline	opendir RemcosRAT	Riordz
2025-10-04 02:47:13	http://xworm0106.duckdns.org/sostener.vbs	Offline	opendir RemcosRAT	Riordz
2025-10-04 02:47:08	http://xworm0106.duckdns.org/pchichi.txt	Offline	opendir rev-base64-loader	Riordz

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-10-30 06:31:08	09106cfe70aef62ac9c44088a6f3522fb9fa3868e5a2bdc331c4fb0b5bf84e4e	txt
2025-10-27 22:40:57	859de7f0b61c2ce5e61b9737583fb72a80b0219c13c200a2d0de3e0da7f38307	txt		RemcosRAT
2025-10-27 18:43:44	f49e6e84c10ffdd05fcd7f49c6616f25f9385710009bc3dab7cc35bb212676d0	txt		RemcosRAT
2025-10-27 18:14:13	f49e6e84c10ffdd05fcd7f49c6616f25f9385710009bc3dab7cc35bb212676d0	txt		RemcosRAT
2025-10-27 16:40:43	2612e4114bd164430b644d83bfc3f3ad50b160a245af5c9e30d5f96de84c8ff2	txt		RemcosRAT
2025-10-24 22:50:37	29258ce3918dd64f9c36bcec4d356f3b3c7b58b90141d8b14d35d94c42d79be4	txt		RemcosRAT
2025-10-23 10:31:53	c884f32c87fc6ad239d98d00c37a8eb1cad4a38abb2d7e7bc6575339b7ba01da	txt
2025-10-23 10:02:20	7b7471de1ffb467bcabc40ed0d2bf08f0a255bb3c0f4f2e7babf0540d7ed99f5	txt
2025-10-20 23:02:57	b835e4e06da50e5f51090c7a7e942d77c0b0f72a2e4ec73adb1c4f92e0de9955	txt		RemcosRAT
2025-10-18 10:21:25	975ff4a35f09c1ad65fa8160461bcd679ef2ad921120ef1f11d9e5571ef414c5	txt
2025-10-18 05:52:54	975ff4a35f09c1ad65fa8160461bcd679ef2ad921120ef1f11d9e5571ef414c5	txt
2025-10-08 21:21:53	540ec378cbd516ca43ee050f1cde867abee50480e3b33bb216af9dd4b98cf1f4	txt		RemcosRAT
2025-10-04 13:41:56	7aab9283bc3a6e6bdf97fa60443aa9f9a7555ab11f1d284e37506bc0f7fb63fb	txt
2025-10-04 02:47:14	3c803751fb9d3b5c1a692674832792ab921752b389f7cf2015097a001194d981	txt
2025-10-04 02:47:12	7aab9283bc3a6e6bdf97fa60443aa9f9a7555ab11f1d284e37506bc0f7fb63fb	txt
2025-10-04 02:47:08	5c53700dd0af623314c44fb4d22e250766bd3f57ad86be0c15f2536c44339c5d	txt