Locky Distribution Site :: firstscog.net
Host Information
| Locky Distribution Site: | firstscog.net | |
|---|---|---|
| Threat: | Distribution Site | |
| Malware: | Locky | |
| Host Status: | ||
| Blacklist check: | Spamhaus DBL: | LISTED |
| SURBL: | ||
| Domain Registar: | PAKNIC (PRIVATE) LIMITED | |
| Firstseen (UTC): | 2016-11-28 10:23:10 | |
| Lastseen (UTC): | never | |
Ransomware URLs
The table below shows all associated Ransomware URLs located on this host.
| Firstseen (UTC) | URL (?URL assocaited with this Ransomware. The leading dots (Red, Green, Grey) indicate whether the URL is active or not. Red = Online Green = Offline Grey = Unknown) | Threat | Malware |
|---|---|---|---|
| 2016-11-28 10:28:14 | http://firstscog.net/llag3hkx | ||
| 2016-11-28 10:24:01 | http://firstscog.net/fygmen86lq | ||
| 2016-11-28 10:23:43 | http://firstscog.net/gitra3 | ||
| 2016-11-28 10:23:10 | http://firstscog.net/2hd0sxoga |
# of URLs: 4
Associated IP addresses
The table below shows all ip addresses (e.g. A records) associated with this Locky Distribution Site. In case the host is a domain name, the table also shows a history of previous A records if there are any.
| Active (?This row indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address). yes = Active A record no = Historical record) | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| no | 2018-01-30 01:52:12 | 2019-01-29 05:53:40 | 104.239.157.210 | Not listed | AS33070 | RMH-14 - Rackspace Hosting, US |  United States (US) | |
| no | 2016-11-28 13:21:34 | 2016-11-29 01:29:54 | 183.98.152.2 | Not listed | AS4766 | KIXS-AS-KR Korea Telecom, KR |  Korea, Republic of (KR) | |
| no | 2016-11-28 13:21:34 | 2016-11-30 02:02:33 | 213.176.241.230 | Not listed | AS13055 | CSVLG-AS , RU |  Russian Federation (RU) | |
| no | 2018-01-30 01:52:12 | 2019-01-29 05:53:40 | 23.253.126.58 | Not listed | AS33070 | RMH-14 - Rackspace Hosting, US | United States (US) | |
| no | 2016-11-28 13:21:35 | 2016-12-13 08:04:43 | 67.171.65.64 | c-67-171-65-64.hsd1.pa.comcast.net | Not listed | AS7922 | COMCAST-7922 - Comcast Cable Communicati[...] | United States (US) |
# IPs found: 5 (max. 25)
Dropped files
Latest 100 files (malware samples) dropped by this distribution site.
| Firstseen (UTC) | MD5 hash | Filesize | VT | Signature |
|---|---|---|---|---|
| 2016-11-28 13:38:28 | 8acbb5c7e41123a2c3bceb370efee123 | 284'172 bytes |  3/54 (5.56%)
| n/a |
| 2016-11-28 13:36:54 | 38cef9f09cc53ef86f6ab14431b330ae | 285'196 bytes | 3/55 (5.45%)
| n/a |
| 2016-11-28 13:35:46 | be2a3b6f56094f35712888a6ce063b2f | 284'684 bytes | 3/55 (5.45%)
| n/a |
| 2016-11-28 13:21:32 | 75c938c8a8c750d38caf851757d20254 | 284'684 bytes | 1/55 (1.82%)
| n/a |
Unique dropped files: 4