Locky Distribution Site :: cemiselbiseleri.com
Host Information
| Locky Distribution Site: | cemiselbiseleri.com | |
|---|---|---|
| Threat: | Distribution Site | |
| Malware: | Locky | |
| Host Status: | ||
| Blacklist check: | Spamhaus DBL: | |
| SURBL: | ||
| Domain Registar: | PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | |
| Nameserver(s): | ns1.turkishost.com | |
| ns2.turkishost.com | ||
| Firstseen (UTC): | 2016-10-28 10:46:40 | |
| Lastseen (UTC): | never | |
Ransomware URLs
The table below shows all associated Ransomware URLs located on this host.
| Firstseen (UTC) | URL (?URL assocaited with this Ransomware. The leading dots (Red, Green, Grey) indicate whether the URL is active or not. Red = Online Green = Offline Grey = Unknown) | Threat | Malware |
|---|---|---|---|
| 2016-12-13 11:18:53 | http://cemiselbiseleri.com/jht76gh | ||
| 2016-10-28 10:46:40 | http://cemiselbiseleri.com/7fg3g |
# of URLs: 2
Associated IP addresses
The table below shows all ip addresses (e.g. A records) associated with this Locky Distribution Site. In case the host is a domain name, the table also shows a history of previous A records if there are any.
| Active (?This row indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address). yes = Active A record no = Historical record) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2017-12-17 01:50:52 | 2019-10-13 08:26:55 | 185.71.216.35 | 1857121635.static.turkishost.com | Not listed | AS43260 | DGN, TR |  Cyprus (CY) |
| no | 2017-01-02 10:32:26 | 2017-10-06 01:50:37 | 185.71.216.182 | 18571216182.static.turkishost.com | Not listed | AS43260 | SSDHOSTING , CY | Cyprus (CY) |
| no | 2016-10-28 10:54:50 | 2017-01-02 09:38:13 | 185.71.216.26 | 1857121626.static.turkishost.com | Not listed | AS201534 | SSDHOSTING , CY | Cyprus (CY) |
| no | 2017-10-07 01:44:47 | 2017-12-16 01:55:16 | 185.71.216.34 | 1857121634.static.turkishost.com | Not listed | AS43260 | DGN, TR | Cyprus (CY) |
| no | 2018-07-10 07:05:02 | 2018-07-10 08:02:55 | 209.99.40.222 | 209-99-40-222.fwd.datafoundry.com | Not listed | AS40034 | TEXASNET-ASN - YHC Corporation, US |  United States (US) |
| no | 2018-07-11 07:06:54 | 2018-07-12 07:03:48 | 209.99.40.223 | 209-99-40-223.fwd.datafoundry.com | Not listed | AS3900 | TEXASNET-ASN - YHC Corporation, US | United States (US) |
# IPs found: 6 (max. 25)
Dropped files
Latest 100 files (malware samples) dropped by this distribution site.
| Firstseen (UTC) | MD5 hash | Filesize | VT | Signature |
|---|---|---|---|---|
| 2016-12-13 14:20:16 | e98ae17129de777e560d9bb5a49d77e3 | 352'256 bytes |  19/59 (32.20%)
| # Not authorized |
| 2016-10-29 01:00:30 | 20db9dbf8ce79e80f8b0a0c2b9390a33 | 237'568 bytes | 5/60 (8.33%)
| # Not authorized |
| 2016-10-28 10:52:13 | e6151a0259f7e2b29fd315b542bc9ba2 | 266'240 bytes | 0/53 (0.00%)
| n/a |
Unique dropped files: 3