URLhaus Database
Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).
Database Entry
| Host: | ircftp.net |
|---|---|
| Domain registrar: | eNom  |
| Domain registration date: | 2010-06-03 05:05:25 UTC |
| Spamhaus DBL : | Abused domain (malware) |
| SURBL : | Blocked |
| Quad9 : | Blocked |
| AdGuard : | Blocked |
| Cloudflare : | Blocked |
| ProtonDNS : | Blocked |
| OpenBLD : | Blocked |
| DNS4EU : | Blocked |
| Control D HaGeZi : | Not blocked |
| Firstseen: | 2023-10-20 14:59:04 UTC |
| Total malware sites : | 5 |
| Online malware sites : | 1 (20%) |
| Offline Malware sites : | 4 (80%) |
| Newest active malware site : | 2023-10-20 15:11:06 UTC |
| Oldest active malware site : | 2023-10-20 15:11:06 UTC (Age: 2 years, 2 months, 21 days, 3 hours, 11 minutes) |
| A record(s) observed : | 1 |
IP addresses
The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.
| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2023-10-20 14:59:05 | 103.233.0.127 | vps.irc.com.my | Not listed | AS46015 EXABYTES-AS-AP |  MY | yes |
Malware URLs
The table below shows all malware URLs that are associated with this particular host.
| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2023-10-20 15:11:08 | http://ircftp.net/avatar.jpg | Offline | ahk |  AndreGironda |
| 2023-10-20 15:11:06 | http://ircftp.net/image.png | Online | ahk | AndreGironda |
| 2023-10-20 15:07:03 | http://ircftp.net/msi.msi | Offline | msi | AndreGironda |
| 2023-10-20 15:00:13 | http://ircftp.net/module/Veeam.Backup.Service.exe | Offline | exe | AndreGironda |
| 2023-10-20 14:59:05 | http://ircftp.net/module/Veeam.Backup.Service.ahk | Offline | ahk | AndreGironda |
The table below shows recent payloads delivery by this host.
| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2023-10-20 15:11:08 | ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc | exe | ||
| 2023-10-20 15:11:06 | 8da82e38632171bd49d228e4bdb2267dead1bccaec8a1f4ee891fb21d52182bd | unknown | ||
| 2023-10-20 15:00:13 | 02392dadd74d3a180bfe79b12cb1b361515a42b7aef57ddc8a76f0112fedfa7d | exe |