» downloader-ams2.disk.yandex.com.tr
Overview
IPs Addresses (1)
Downloads (6)
Network (2)
Related Domains (2)

downloader-ams2.disk.yandex.com.tr

Domain Information

Server location:

Noord-Holland, Netherlands (NL)

Root domain:

The domain downloader-ams2.disk.yandex.com.tr has been seen to resolve to the following IP address.

178.154.255.242

downloader-ams2.disk.yandex.ru

May 5, 2014

File downloads found at URLs served by downloader-ams2.disk.yandex.com.tr.

0 / 68

https://downloader-ams2.disk.yandex.com.tr/rshare/a4dd8c97c8853610d57d5e0f8465f9e8/5372105b/.../x-msdownload&fsize=1002272&hid=4514d3c03c47b8d6844c4fd9916eb863&media_type=executable&rtoken=2894d03c85b88fd33262e87565cad189&rtimestamp=5372105d&force_default=no (3e6423494849d52b4ce09455eedb3ea9)

0 / 68

https://downloader-ams2.disk.yandex.com.tr/rdisk/9b4739dd507556160a9e28f68c26ade1/54010972/0fOw5AWASad7zCxijzj8jiZ4aUQvu-TNuUVZSbRl7ViZexfaIMzDzjpEkKlaE8jdgFzNoJN19rx3qx8Pz8eg2w==?uid=0&filename=xlive.dll&disposition=attachment&hash=gzMPDLC0lYUZK03ZX4sqLy77bR8JrCygLdv4nuGYxDY=:/.../x-msdownload&fsize=80384&hid=acc72e6ceae7c3d2859cf95687af226d&media_type=executable&rtoken=0241def3c9f38ea9cfe0b2c6ac74cf04&rtimestamp=5400d133&force_default=no (001d1fd033d0959199b9fdaf5ec50456)

0 / 68

https://downloader-ams2.disk.yandex.com.tr/rshare/d91144c69a1cf2608eab90495372ea2a/538687f8/.../x-msdownload&fsize=1002272&hid=a014ccdeefe60d5fd099804dbdc045d5&media_type=executable&rtoken=7631de6cf6f24e604779130c8c4df615&rtimestamp=538687f9&force_default=no (69004df303abf1d27328282e85575b73)

0 / 68

https://downloader-ams2.disk.yandex.com.tr/rdisk/aceeafc1ab5ed9f3d8eb30f6890d21dc/53da405d/.../x-zip-compressed&fsize=2621223&hid=7e47b4a00b407039db295b9f9ebd4f77&media_type=compressed&rtoken=3a0db5522f47c20148ad5c2a2ad79e77&rtimestamp=53da081d&force_default=no ({3670ca8a-1b17-4c56-b07c-dd8e0ce23104}-windows 7 loader extreme edition.zip)

5 / 68 (inconclusive)

https://downloader-ams2.disk.yandex.com.tr/rdisk/48c927bb8b75ecf76f7a47ed4681f94e/53a51f43/JGJ7c20-El34w3rnen2oavk9JvPlm5A5gLFMfO0B3ZXRur5-kr55MSGFvX1_MsbdENComZAr7SEMKGWHP0MAGQ==?uid=0&filename=ComboFix-14.6.16.1-tamindir.exe&disposition=attachment&hash=NlFlnzBe3LByb ykecm4QyexiFcs14flwu6Yju/.../x-msdownload&fsize=5206841&hid=76c0b8a75690209f73bfba5bd8d084e8&media_type=executable&rtoken=4e8168eb5608e29cc9c8fa0c66ce8c7c&rtimestamp=53a51f43&force_default=no (ComboFix.exe)

0 / 68

https://downloader-ams2.disk.yandex.com.tr/rshare/ef47ce9d796fc9df00e1e7089ff98dbc/5316f6e6/.../x-msdownload&fsize=1002272&hid=2633291d194a4204ca35ce1ea2ec1eb5&media_type=executable&rtoken=f0a5963329b2d01923f82f4d7ff3a223&rtimestamp=5316f6e7 (cc50c3910941fec94ee4386f581860af)

The following 2 files have been seen to comunicate with downloader-ams2.disk.yandex.com.tr in live environments.

TCP » 178.154.255.242:443

YandexDisk.exe (Yandex.Disk by Yandex)

TCP » 178.154.255.242:443

ekrn.exe (ESET Smart Security by ESET)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.