URLhaus Database

You are currently viewing the URLhaus database entry for http://xworm0106.duckdns.org/31agosto.vbs which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3651454
URL: http://xworm0106.duckdns.org/31agosto.vbs
URL Status:Offline
Host: xworm0106.duckdns.org
Date added:2025-10-04 02:47:13 UTC
Last online:2025-10-21 05:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Status unknown
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: Riordz
Abuse complaint sent (?): Yes (2025-10-20 23:03:11 UTC to admin[dot]internet{at}telecom[dot]com[dot]co)
Takedown time:21 days, 21 hours, 31 minutes Bad (down since 2025-10-30 18:53:41 UTC)
Tags:opendir RemcosRAT link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-10-3031agosto.vbstxt 09106cfe70aef62ac9c44088a6f3522fb9fa3868e5a2bdc331c4fb0b5bf84e4eVirustotal results 17.86% 
2025-10-2731agosto.vbstxt 859de7f0b61c2ce5e61b9737583fb72a80b0219c13c200a2d0de3e0da7f38307Virustotal results 27.42%RemcosRAT
2025-10-2731agosto.vbstxt 2612e4114bd164430b644d83bfc3f3ad50b160a245af5c9e30d5f96de84c8ff2Virustotal results 17.74% RemcosRAT
2025-10-2431agosto.vbstxt 29258ce3918dd64f9c36bcec4d356f3b3c7b58b90141d8b14d35d94c42d79be4Virustotal results 16.39% RemcosRAT
2025-10-2031agosto.vbstxt b835e4e06da50e5f51090c7a7e942d77c0b0f72a2e4ec73adb1c4f92e0de9955Virustotal results 22.95% RemcosRAT
2025-10-0831agosto.vbstxt 540ec378cbd516ca43ee050f1cde867abee50480e3b33bb216af9dd4b98cf1f4Virustotal results 24.19% RemcosRAT