Protected by Cloudflare, but the hoster is not hard to find.
avtobizz.ru 104.31.89.136
Use hxxp://www.skypeipresolver.net/cloudflare.php to find the real IP. Locky here is hosted by blazinfast.io.
Logs from infected computers and samples here: hxxp://213.108.44.167/logiplya/
Hosting info: http://whois.domaintools.com/185.11.145.10
eiqdfngoghledf.pw (Locky Ransomware Hosted In France, ASN: 16276 OVH SAS)
Domains: eiqdfngoghledf.pw emijtrjhnrddoxr.org ofsrsykqd.pl whrilkltsrvggxsj.click fphnnnkaei.org ntdvwoousyc.pl kmarheql.info pobqrwoxltcy.pl eyetuesq.ru djxmxiahj.biz kdyoevbcxy.su ajqjdjblfdjti.work clsfnbwpekrxmcj.xyz qkpdsttc.pw ihxkjsgmloij.work rhiqtgs.info jbtnnvqkwakpitxk.pl awcweto.xyz
URLs: hxxp://93.170.131.108/submit.php hxxp://5.135.76.18/submit.php hxxp://82.146.37.200/submit.php
Sample: hxxp://mundogostoso.com.br/zFN1Lg.exe
Hosting info: http://whois.domaintools.com/5.135.76.18
jcngtodnjlcr.it (Ransomware Locky Hosted In United Kingdom, Belfast, Barefruit Ltd.)
Domains: jcngtodnjlcr.it mneqmmunsee.us xdryy.uk awrobhtsxpmcro.tf boapooihhqkthvm.de gfyttdu.ru dpirlysijsbyy.pm whetujmpw.pm
POSTs files to a webserver: “POST /main.php HTTP/1.1 Host: 5.34.183.136”
Sample: hxxp://bitmeyenkartusistanbul.com/system/logs/87h754/fXBvKHcBd.exe
Hosting info: http://whois.domaintools.com/92.242.144.2