Locky Distribution Site :: ganwen.cn

Host Information

Locky Distribution Site: ganwen.cn
Threat: Distribution Site
Malware: Locky
URL: http://ganwen.cn/qirleq
Host Status: offline
Blacklist check: Spamhaus DBL: Not Listed; SURBL: Not Listed
Domain Registrar: 厦门易名科技股份有限公司
Nameserver(s): rihana.ns.cloudflare.com, sid.ns.cloudflare.com
Firstseen (UTC): 2016-11-04 14:15:18
Lastseen (UTC): never

Associated IP addresses

The table below shows all IP addresses (e.g. A records) associated with this Locky Distribution Site. If the host is a domain name, the table also shows a history of previous A records, if there are any.

The Active column indicates whether the domain name's A record is currently pointing to an IP address or whether the record is historic (e.g. because the A record has been moved to a different IP address): yes = Active A record, no = Historical record.

| Active | Firstseen (UTC) | Lastseen (UTC) | IP address | Hostname | SBL | AS number | AS name | Country |
|---|---|---|---|---|---|---|---|---|
| yes | 2018-03-12 01:47:56 | 2019-07-23 06:07:04 | 104.27.172.159 | | Not listed | AS13335 | CLOUDFLARENET - Cloudflare, Inc., US | United States (US) |
| yes | 2018-03-12 01:47:55 | 2019-07-23 06:07:04 | 104.27.173.159 | | Not listed | AS13335 | CLOUDFLARENET - Cloudflare, Inc., US | United States (US) |
| no | 2016-11-04 14:41:48 | 2016-11-05 01:19:37 | 103.242.133.113 | | Not listed | AS55933 | CLOUDIE-AS-AP Cloudie Limited, HK | China (CN) |
| no | 2017-10-06 01:38:33 | 2017-12-04 05:47:10 | 119.28.13.101 | | Not listed | AS132203 | TENCENT-NET-AP-CN Tencent Building, Keji[...] | China (CN) |
| no | 2017-06-22 01:14:37 | 2017-09-25 01:32:00 | 119.28.76.200 | | Not listed | AS133478 | TENCENT-AS-AP Tencent Cloud Computing (B[...] | China (CN) |
| no | 2016-11-23 15:51:45 | 2016-11-24 05:16:42 | 175.98.163.215 | 175-98-163-215.static.tfn.net.tw | Not listed | AS9924 | TFN-TW Taiwan Fixed Network, Telco and N[...] | Taiwan (TW) |

# IPs found: 6 (max. 25)

Dropped files

Latest 100 files (malware samples) dropped by this distribution site.

| Firstseen (UTC) | MD5 hash | Filesize | VT | Signature |
|---|---|---|---|---|
| 2016-11-04 14:41:47 | b45547089068e07611443bf460f14028 | 187'904 bytes | Virustotal results 18/55 (32.73%) | n/a |

Unique dropped files: 1