Domain > zsn5qtrgfpu4tmpg.tor2web.fi

More information on this domain is in AlienVault OTX

Is this malicious?

Reports

http://ransomwaretracker.abuse.ch/feeds/csv/

https://otx.alienvault.com/pulse/56e85de34637f24cb...

Files that talk to zsn5qtrgfpu4tmpg.tor2web.fi

MD5	A/V
e9c683bc934143ac90d6eeac1a481434
1f6493b1d55c7e25a5f4b475f93aae24	[HW32.Packed.D064] [Trojan.Vimditator.Win32.70] [Trojan.Win32.Encoder.dnmzyt] [Trojan.Cryptolocker!g6] [TROJ_CRYPCBT.SMA] [Trojan-Ransom.Win32.Onion.dh] [Virus.Win32.Heur.c] [Trojan.Encoder.858] [BehavesLike.Win32.Dreform.jc] [Mal/Harnig-B] [Trojan/Vimditator.av] [Trojan/Win32.Vimditator] [Ransom:Win32/Critroni.B] [Ransom-FTX!1F6493B1D55C] [SScope.TrojanRansom.Crytroni] [PE:Malware.XPACK-HIE/Heur!1.9C48] [FileCryptor.VK] [Win32.Trojan.Onion.Eaxo] [Trojan.Win32.Filecoder.DA] [Trojan.FileCryptor] [W32/Filecoder.B!tr] [Win32/Trojan.49b]
9f3eb8e3c27ebf91e06f980bfe23d708
cb4fda8584c18193f04bcfe4bae1d3cd	[Trojan/Win32.Injector]
318279aeb2d390977e8d26e0dd376256	[Win32/Injector.CCAN]
69f6cb80d624ccea72cd7ba1ae496697
b00664dbe47952eaec3e11fd60809656	[Ransom-CWall.c!B00664DBE479] [Trojan.Win32.Injector.dyojju] [PUA.Downloader] [BKDR_ANDROM.YVAND] [Backdoor.Win32.Androm.ipui] [Backdoor.Androm!EJ/7EHYyxIQ] [Mal/Zbot-UH] [UnclassifiedMalware] [BKDR_ANDROM.YVAND] [Ransom-CWall.c!B00664DBE479] [W32/Application.MPUH-3651] [TrojanSpy.Zbot.ieii] [TR/Crypt.Xpack.313663] [Trojan[Backdoor]/Win32.Androm] [Ransom:Win32/Critroni] [Backdoor.Win32.Androm.ipui] [Win32.Trojan.Crypt.Pala] [Trojan.Win32.Crypt] [W32/PWSZbot.FAKV!tr] [Zbot.AJJI] [Trj/CI.A] [Win32/Backdoor.cf4]
50409d8c532f6b9ad43deb90a6a7f5d5	[HW32.Packed.C3D6] [BehavesLike.Win32.Fednu.jc] [W32/Trojan.MYET-4320] [Artemis!50409D8C532F]
8ba886b29a7ae88a0134d2112b9c141a	[HW32.Packed.A872] [W32/Heuristic-300!Eldorado] [Suspect.DoubleExtension-zippwd-15] [Heur.Dual.Extensions] [HEUR_NAMETRICK.A] [BehavesLike.Fednu.jc] [W32/Heuristic-300!Eldorado] [FakeAlert]
0eff91aaafdbeba37fc9f6fc7ac17c81	[HW32.Packed.F300] [W32/Heuristic-300!Eldorado] [Suspect.DoubleExtension-zippwd-15] [Heur.Dual.Extensions] [HEUR_NAMETRICK.A] [W32/Heuristic-300!Eldorado] [Archive.Malware.FakeExt.N@susp] [FakeAlert]
30db9707eaaf67d768fa6330db500e3c	[W32/Heuristic-300!Eldorado] [Suspect.DoubleExtension-zippwd-15] [Heur.Dual.Extensions] [HEUR_NAMETRICK.A] [ZIP/Bredolab.A!Camelot] [Archive.Malware.FakeExt.N@susp] [FakeAlert]
6aa518934405bf695af7a64963e082a7	[HW32.Packed.3936]
a47154dd1f28aa42b7046da274d6df41	[HW32.Packed.6A65] [Suspicious.Cloud.5] [TR/Dropper.VB.45700]
f2ace53e8c56a7228327052255395c11	[HW32.Packed.48A1] [Artemis!F2ACE53E8C56] [Suspicious.Cloud.5] [BehavesLike.Win32.Downloader.jc]
d8a6831e73bedcd7f09696e2dfe3f732	[HW32.Packed.3E26] [Suspicious.Cloud.5]
a292aa67db18205843139a652fd4d331	[W32/Heuristic-300!Eldorado] [Suspect.DoubleExtension-zippwd-15] [Heur.Dual.Extensions] [HEUR_NAMETRICK.A] [BehavesLike.Backdoor.bc] [W32/Heuristic-300!Eldorado] [Archive.Malware.FakeExt.N@susp] [FakeAlert]
0c6e703e158001e98cc9b1e2443342b1
71edd7efc0538dab7d4674593c827c39	[W32.Parite] [Troj/Ransom-BXO] [TR/Crypt.Xpack.438971] [Win32.Trojan.Inject.Auto] [Win32.Outbreak]
86611400a57536de22c6680d20fede3f	[W32/Heuristic-300!Eldorado] [Suspect.DoubleExtension-zippwd-15] [Win32.Trojan.Inject.Auto] [Heur.Dual.Extensions] [HEUR_NAMETRICK.A] [Troj/Ransom-BXO] [W32/Heuristic-300!Eldorado] [Archive.Malware.FakeExt.N@susp] [Win32.Outbreak] [FakeAlert]
4747d012e18f5e7a2949e894de5feee0	[W32/Heuristic-300!Eldorado] [Suspect.DoubleExtension-zippwd-15] [Heur.Dual.Extensions] [HEUR_NAMETRICK.A] [BehavesLike.PWSZbot.bc] [W32/Heuristic-300!Eldorado] [FakeAlert]

Whois

Property	Value
NameServer	dns3.ahmia.fi
Created	2012-10-09 00:00:00
Changed	2014-08-23 00:00:00
Expires	2015-10-09 00:00:00

DNS Resolutions

Date	IP Address
2015-01-30	82.130.26.27 (ClassC)
2019-04-09	194.150.168.74 (ClassC)
2025-06-06	91.232.155.81 (ClassC)

Port 80

Port 443

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]