home

downloader-ams3.disk.yandex.com.tr

Domain Information

Server location:
Noord-Holland, Netherlands (NL)

ASN:
AS13238 YANDEX Yandex LLC

Root domain:
com.tr

The domain downloader-ams3.disk.yandex.com.tr has been seen to resolve to the following IP address.

178.154.255.243
downloader-ams3.disk.yandex.ru
July 23, 2014

File downloads found at URLs served by downloader-ams3.disk.yandex.com.tr.

0 / 68
https://downloader-ams3.disk.yandex.com.tr/rdisk/a00fe45c3b208114e01775973ddc0f09/54010a74/jqkDCihsQCnCNaosc7kK3Pnn5GGLmUNN9PfAH_vWOsmYCQT9Kwajq6Dj9QXhdikLNy2Z4uip2IDtTfDIKasNMg==?uid=0&filename=gfwlivesetupmin.exe&disposition=attachment&hash=gzMPDLC0lYUZK03ZX4sqLy77bR8JrCygLdv4nuGYxDY=:/.../x-msdownload&fsize=31879336&hid=70390b89343cba98421e50850489d3a8&media_type=executable&rtoken=cee530948e5aea1ce31e232e0f4c8ae5&rtimestamp=5400d234&force_default=no  (6411dc5c3449e5679916e37c2e388c44)

9 / 68      (Malware)
https://downloader-ams3.disk.yandex.com.tr/rdisk/e017e85a3e68d360742e3ea0d46e6818/540109a5/4ZJ941FLJM6s4zzGhOG6Kaijgz3J1ehiSjdcHkwc7gwpzXgX_XBRF_s1ErM429T5MlnXKCMtWMw6JLmf-ueKtQ==?uid=0&filename=1911.dll&disposition=attachment&hash=gzMPDLC0lYUZK03ZX4sqLy77bR8JrCygLdv4nuGYxDY=:/.../x-msdownload&fsize=169984&hid=a5df9f2ebdf564c6f25df04622bac2f9&media_type=executable&rtoken=c6211bffed319795cd145d1a93580883&rtimestamp=5400d166&force_default=no  (45944658e93e052eb631dbb4fd5a3d97)

13 / 68    (Malware)
https://downloader-ams3.disk.yandex.com.tr/rdisk/c9f9466b75f699723f1d37e438fb37f9/54010965/zfZ7CYRkip5G49xsSqVAE5gJlHcfAFI7pXwWY40Boj1-8qJDzoXcwBhci6ZJOgDtYSwDJsqIDgqhhKhZj8VMlg==?uid=0&filename=LaunchGTAIV.exe&disposition=attachment&hash=gzMPDLC0lYUZK03ZX4sqLy77bR8JrCygLdv4nuGYxDY=:/.../x-msdownload&fsize=73728&hid=5d25f63f988f11fcba5586191eee2aa1&media_type=executable&rtoken=6a1fa001b24c00653f65b35372794a91&rtimestamp=5400d125&force_default=no  (3e9b3dc03cd5c2e658dd731b616fdcf1)

9 / 68      (Malware)
https://downloader-ams3.disk.yandex.com.tr/rdisk/dcecd58d061ebf1b76fd6bcddf272c51/54010955/4ZJ941FLJM6s4zzGhOG6Kaijgz3J1ehiSjdcHkwc7gwpzXgX_XBRF_s1ErM429T5MlnXKCMtWMw6JLmf-ueKtQ==?uid=0&filename=1911.dll&disposition=attachment&hash=gzMPDLC0lYUZK03ZX4sqLy77bR8JrCygLdv4nuGYxDY=:/.../x-msdownload&fsize=169984&hid=a5df9f2ebdf564c6f25df04622bac2f9&media_type=executable&rtoken=d598364ecb72d4f19c9d0e0e602f5658&rtimestamp=5400d116&force_default=no  (45944658e93e052eb631dbb4fd5a3d97)

5 / 68      (PUP)
https://downloader-ams3.disk.yandex.com.tr/rdisk/e93d315f33bfe0e62193144ace77cb7c/54099b37/E_Of8yXfs7b5aWNG6Be9DU42JW8zAhT1HVYBQkFEI_WtZzcogoSsvW-yxsK5zvNhCir1VjGYXCKAm747ALHhAg==?uid=0&filename=Unlocker1.9.1-tamindir.exe&disposition=attachment&hash=XKVlgyKx6wIn0JYgwaXldHoR11pqR3Bsnyx/.../x-msdownload&fsize=802113&hid=28f3581cb3ddf4014b701f0f1d3d6709&media_type=executable&rtoken=05cb7eeb4b3d89d95300a82454ae8b8a&rtimestamp=540962f9&force_default=no  (unlocker1.9.1.exe)

0 / 68
https://downloader-ams3.disk.yandex.com.tr/rshare/80c039c7d62e9bcec43b9c553fd04a84/53cc1941/.../x-msdownload&fsize=1002272&hid=a5684d9de37e2aff12a2e37bc285b4ca&media_type=executable&rtoken=df49cf02d72dfde4a97b82407a8e855b&rtimestamp=53cbe103&force_default=no  (e9871c6c8e409a53e7cf591c3d28a713)

0 / 68
https://downloader-ams3.disk.yandex.com.tr/rdisk/b87073cb2a8043a5b7835fa0c536baf3/53c83556/.../x-zip-compressed&fsize=392710&hid=30470416ad4e09328d2fd7f55030792b&media_type=compressed&rtoken=5663f530e26e2c23a96e2d6654537e3d&rtimestamp=53c7fd17&force_default=no  (9a0ba6e332913a7277fc0402aae16dbd)

0 / 68
https://downloader-ams3.disk.yandex.com.tr/rdisk/2194c2950886ac60ab34d44bcf72158b/523dd93f/.../x-msdownload&rtoken=14ad8181d6480e3ec0808d7b167eeaa9&rtimestamp=523dd93f  (ef4d3990413e1da16b287834219dda80)

The following 2 files have been seen to comunicate with downloader-ams3.disk.yandex.com.tr in live environments.

TCP » 178.154.255.243:443
fdm.exe (Free Download Manager by FreeDownloadManager.ORG)

TCP » 178.154.255.243:443
ekrn.exe (ESET Smart Security by ESET)

yandex.com

yandex.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.