URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	ssl.ftp21.cc
Domain registrar:	Public Domain Registry
Domain registration date:	2022-02-19 13:35:09 UTC
Spamhaus DBL :	Abused domain (botnet C&C)
SURBL :	Blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2024-06-29 06:04:04 UTC
Total malware sites :	1
A record(s) observed :	5

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2024-07-20 05:35:46	162.213.224.200	162-213-224-200.socswireless.com	Not listed	AS46598 SOUTHERN-OHIO-COMMUNICATION-SERVICES	US	yes
2024-07-02 15:53:02	211.108.60.155		Not listed	AS9318 SKB-AS	KR	no
2024-07-16 04:41:19	118.163.22.127	118-163-22-127.hinet-ip.hinet.net	Not listed	AS3462 HINET	TW	no
2024-07-02 15:53:07	218.57.129.51		Not listed	AS4837 CHINA169-Backbone	CN	no
2024-06-29 06:04:06	81.28.12.12		Not listed	AS199524 GCORE	NL	no

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2024-06-29 06:04:06	http://ssl.ftp21.cc/TQ.jpg	Online	32 exe Gh0stRAT upx	zbetcheckin

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2024-06-29 06:04:06	5d87bd723f8267c3c0bef75f2b502321c518ac6a09696f3971ace53d0ba505cd	exe		Gh0stRAT