Locky Distribution Site :: ensaenerji.com
Host Information
| Locky Distribution Site: | ensaenerji.com | |
|---|---|---|
| Threat: | Distribution Site | |
| Malware: | Locky | |
| Host Status: | ||
| Blacklist check: | Spamhaus DBL: | |
| SURBL: | ||
| Domain Registar: | ONLINENIC, INC. | |
| Nameserver(s): | ns3.webbilir.com | |
| ns4.webbilir.com | ||
| Firstseen (UTC): | 2016-09-27 05:04:41 | |
| Lastseen (UTC): | never | |
Ransomware URLs
The table below shows all associated Ransomware URLs located on this host.
| Firstseen (UTC) | URL (?URL assocaited with this Ransomware. The leading dots (Red, Green, Grey) indicate whether the URL is active or not. Red = Online Green = Offline Grey = Unknown) | Threat | Malware |
|---|---|---|---|
| 2016-09-30 11:58:17 | http://ensaenerji.com/h5piv | ||
| 2016-09-27 05:04:41 | http://ensaenerji.com/g766d4ft |
# of URLs: 2
Associated IP addresses
The table below shows all ip addresses (e.g. A records) associated with this Locky Distribution Site. In case the host is a domain name, the table also shows a history of previous A records if there are any.
| Active (?This row indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address). yes = Active A record no = Historical record) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2019-01-08 03:03:04 | 2019-07-24 02:54:16 | 78.142.208.192 | raptor.veridyen.com | Not listed | AS209853 | VERIDYEN Veridyen Bilisim Teknolojileri [...] |  Russian Federation (RU) |
| no | 2016-09-27 05:58:27 | 2016-11-23 13:41:42 | 178.210.160.75 | cp7.markum.net | Not listed | AS56363 | AS-MARKUM , TR |  Turkey (TR) |
| no | 2016-11-24 13:20:53 | 2018-04-05 01:46:31 | 178.210.173.32 | 178.210.173.32.static.markum.net | Not listed | AS42910 | AS-MARKUM , TR | Turkey (TR) |
| no | 2018-04-06 01:17:40 | 2019-01-07 06:32:25 | 185.149.103.162 | shrktyup.veridyen.com | Not listed | AS51559 | NETINTERNET, TR | Turkey (TR) |
# IPs found: 4 (max. 25)
Dropped files
Latest 100 files (malware samples) dropped by this distribution site.
| Firstseen (UTC) | MD5 hash | Filesize | VT | Signature |
|---|---|---|---|---|
| 2016-09-30 16:54:51 | 143630e218c19ded78e628232e8e684a | 182'788 bytes |  2/55 (3.64%)
| n/a |
| 2016-09-27 05:48:25 | b46cbf7e983ee7b8cf593adc1c483f67 | 233'472 bytes | 5/54 (9.26%)
| n/a |
Unique dropped files: 2