URLhaus Database

You are currently viewing the URLhaus database entry for http://holdadmin2024.duckdns.org/incrustado.vbs which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3509103
URL: http://holdadmin2024.duckdns.org/incrustado.vbs
URL Status:Offline
Host: holdadmin2024.duckdns.org
Date added:2025-04-12 18:48:26 UTC
Last online:2025-08-15 16:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: DaveLikesMalwre
Abuse complaint sent (?): Yes (2025-08-15 12:42:13 UTC to abuse{at}frootvpn[dot]com)
Takedown time:2 months, 4 days, 18 hours, 7 minutes Bad (down since 2025-08-15 16:18:43 UTC)
Tags:njRAT link opendir ua-wget vbs

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-08-15incrustado.vbstxt fed260507508e3c24632800ee2cd39e9c401cf6f84ebe3467979857cec2dfe9cVirustotal results 6.45%njrat
2025-07-02incrustado.vbstxt 6849da9fb64c3db1e883aa1a106a03c8e69d3e41d4be8a81bafbdd78f2f311dan/a njrat
2025-06-17incrustado.vbstxt 0e0195998fe478bbfc06a28706f21ae830f15765995cad680b955baf23eb9b86n/anjrat
2025-06-16incrustado.vbstxt a1e7b215e1864b59a808e8b63356eca78629563744d6deced84afd55690877c1n/anjrat
2025-06-16incrustado.vbstxt c9210bd66226f36779eafb19ea8f2ab3cd0d4ffc9728ae1bdea1b021191d5981n/a
2025-06-16incrustado.vbstxt aa26b956edc6d25f5aeff7cd7e9db28c70ea730b03b90246c6dc9f93d6db062bn/a
2025-06-11incrustado.vbstxt 73c28224eca789607d77884620425d0fad56ef7591d6cda5f384a49d19beb5c7n/a