Locky Distribution Site :: birlesimsucuklari.com
Host Information
| Locky Distribution Site: | birlesimsucuklari.com | |
|---|---|---|
| Threat: | Distribution Site | |
| Malware: | Locky | |
| Host Status: | ||
| Blacklist check: | Spamhaus DBL: | |
| SURBL: | ||
| Domain Registar: | PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | |
| Nameserver(s): | dns10.parkpage.foundationapi.com | |
| dns11.parkpage.foundationapi.com | ||
| Firstseen (UTC): | 2016-05-26 06:21:52 | |
| Lastseen (UTC): | never | |
Ransomware URLs
The table below shows all associated Ransomware URLs located on this host.
| Firstseen (UTC) | URL (?URL assocaited with this Ransomware. The leading dots (Red, Green, Grey) indicate whether the URL is active or not. Red = Online Green = Offline Grey = Unknown) | Threat | Malware |
|---|---|---|---|
| 2016-05-27 11:01:31 | http://birlesimsucuklari.com/98yh87nb6v4 | ||
| 2016-05-26 06:21:52 | http://birlesimsucuklari.com/k7jhrt4hertg |
# of URLs: 2
Associated IP addresses
The table below shows all ip addresses (e.g. A records) associated with this Locky Distribution Site. In case the host is a domain name, the table also shows a history of previous A records if there are any.
| Active (?This row indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address). yes = Active A record no = Historical record) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2016-07-16 01:10:02 | 2016-08-22 07:20:10 | 209.99.40.223 | 209-99-40-223.fwd.datafoundry.com | Not listed | AS3900 | TEXASNET-ASN - YHC Corporation, US |  United States (US) |
| no | 2016-07-16 02:00:28 | 2016-08-22 05:10:41 | 209.99.40.222 | 209-99-40-222.fwd.datafoundry.com | Not listed | AS3900 | TEXASNET-ASN - YHC Corporation, US | United States (US) |
| no | 2016-05-26 06:48:12 | 2016-07-16 00:19:54 | 31.192.209.44 | server.sivasnetwork.net | Not listed | AS51559 |  Turkey (TR) |
# IPs found: 3 (max. 25)
Dropped files
Latest 100 files (malware samples) dropped by this distribution site.
| Firstseen (UTC) | MD5 hash | Filesize | VT | Signature |
|---|---|---|---|---|
| 2016-05-30 23:18:49 | e2fd448a530f8c74745b46e024af05ad | 118'736 bytes | n/a | n/a |
| 2016-05-27 17:28:39 | 8ea223d68856ba857a485b506259ae00 | 151'345 bytes |  56/66 (84.85%)
| n/a |
| 2016-05-27 12:50:16 | 069b364bc8ec6cb9a2f706cdc4bd7b6f | 348'160 bytes | 5/56 (8.93%)
| n/a |
| 2016-05-27 10:38:17 | 7e208c0acf16ffec1989ae78f473d7a7 | 160'840 bytes | 7/56 (12.50%)
| n/a |
| 2016-05-25 14:26:06 | 1b4bb57ddc3b95528194fabaf01ac054 | 241'664 bytes | 47/56 (83.93%)
| Locky |
Unique dropped files: 5