Domain > shampooherbal.com

More information on this domain is in AlienVault OTX

Is this malicious?

Reports

http://www.malware-traffic-analysis.net/2016/03/18...

https://otx.alienvault.com/pulse/56ec8aff4637f2285...

http://www.malware-traffic-analysis.net/2016/03/18...

https://ransomwaretracker.abuse.ch/downloads/RW_UR...

Files that talk to shampooherbal.com

MD5	A/V
6f03af67277b572c1ccbe5d9bf72e22e	[Ransom.TeslaCrypt] [BehavesLike.Win32.VirRansom.fc] [W32/Kryptik.ERHM!tr]
61465a74eba9183c022445de41f7a144	[HW32.Packed.EB81] [Ransom.TeslaCrypt] [Suspicious.Cloud.5] [Ransom_LOCKY.AP] [Trojan-Ransom.Win32.Bitman.syh] [Ransom_LOCKY.AP] [BehavesLike.Win32.VirRansom.fc] [TR/AD.TeslaCrypt.Y.431] [Win32.Trojan.Raas.Auto] [W32/Kryptik.ERHM!tr] [Ransom_r.Q]
bf0c8086d1fdec1704070e35ca845b06	[HW32.Packed.92D0] [Win32.Trojan.Kryptik.qc] [Suspicious.Cloud] [Trojan.Win32.Ranosm.215304[h]] [Win32.Trojan.Inject.Auto]
ec7cc7e76b217ca41ccbeedfdcd52e63	[Win32.Trojan.WisdomEyes.151026.9950.9997]
e522bfbce4d10eb94d54026cf8843e96	[HW32.Packed.632F] [Ransom.TeslaCrypt] [Win32.Trojan.WisdomEyes.151026.9950.9983] [Suspicious.Cloud.5] [Win32.Trojan.Raas.Auto] [BehavesLike.Win32.VirRansom.fc] [TR/AD.TeslaCrypt.Y.432] [Trojan/Win32.Teslacrypt]
a165ccca8b3af62e376de298f95ac1c2
0813d7d89b8a451aa29ae0ecfd77221f	[Ransom.TeslaCrypt] [Win32.Trojan.Kryptik.qb] [Win32/Filecoder.TeslaCrypt.K] [Win32.Trojan.Filelocker.Dkt]
576843410270ed36335d3aacf0564107	[HW32.Packed.7A43] [Ransomware-FGW!F88022E28D6C] [Ransom.TeslaCrypt] [Ransom_.C2E94461] [Trojan-Ransom.Win32.Bitman.tgx] [Ransom_.C2E94461] [Trojan.Mikey.D826A] [W32/Kryptik.ERLK!tr] [Ransom_r.Q]
485f51a05a662cbba15844735e115170	[HW32.Packed.6592] [Trojan.Crypt.KW] [Ransom.TeslaCrypt] [Trojan.Crypt.KW] [Win32.Trojan.Kryptik.qc] [W32.IRCBot.NG] [Ransom_CRYPTESLA.YKA] [Trojan-Ransom.Win32.Bitman.thr] [Trojan.Win32.Ranosm.215304[h]] [Uds.Dangerousobject.Multi!c] [Win32.Trojan.Kryptik.Pctb] [Trojan.Crypt.KW] [Trojan.Crypt.KW] [Trojan.AVKill.60586] [Ransom_CRYPTESLA.YKA] [BehavesLike.Win32.PWSZbot.dh] [W32/Trojan.AOQI-6889] [TR/Crypt.Xpack.434496] [Trojan[Ransom]/Win32.Bitman] [Trojan.Crypt.KW] [Trojan/Win32.Teslacrypt] [Trojan.Crypt.KW] [Trojan.Win32.Crypt] [W32/Kryptik.ERLT!tr] [Crypt5.AQBK]
056b6e039677bea230b470b001fe5b44
c7c8f1ce94f5abb71857f88b049ea1fe	[Ransom.TeslaCrypt] [Win32.Trojan.WisdomEyes.151026.9950.9998] [Trojan.AVKill.60585] [TR/Crypt.Xpack.435323] [Trojan/Win32.Teslacrypt]
643f88f2a0616be6f4226c623fbf0e7b	[HW32.Packed.7731] [Suspect-AN!643F88F2A061] [Win32.Trojan.WisdomEyes.151026.9950.9999] [Suspicious.Cloud.5] [BehavesLike.Win32.Virut.fc]
778ecc620c2fbea260c7c2c1ec15b387	[Artemis!778ECC620C2F] [Ransom.TeslaCrypt] [Win32.Trojan.WisdomEyes.151026.9950.9972] [Win32/Filecoder.TeslaCrypt.K] [Trojan.AVKill.60596] [BehavesLike.Win32.Downloader.gh] [TR/Crypt.Xpack.434809] [Trojan.Graftor.D4336C] [Trojan/Win32.Teslacrypt] [Trojan:Win32/Dynamer!ac] [FileCryptor.IQJ]
194023b9311b7a58e27bb4ffa3a78456	[Win32.Trojan.WisdomEyes.151026.9950.9964] [Trojan/Win32.Teslacrypt]
8feaefdba3f88f8c62feea0a410ff887	[Ransom.TeslaCrypt] [Win32.Trojan.WisdomEyes.151026.9950.9992] [Win32/Filecoder.TeslaCrypt.K] [Trojan.Win32.Yakes.phbj] [Trojan.Win32.U.TeslaCrypt.414628[h]] [Artemis!Trojan] [Trojan/Win32.Teslacrypt] [Artemis!8FEAEFDBA3F8] [Win32.Trojan.Filelocker.Egow] [Trojan.Win32.Filecoder]
093998d8f98531ac609eee69d8645380	[HW32.Packed.3A17] [Trojan.Crypt.KW] [Ransom.TeslaCrypt] [Win32.Trojan.Kryptik.qc] [W32.IRCBot.NG] [Ransom_CRYPTESLA.YKA] [Trojan-Ransom.Win32.Bitman.thp] [Trojan.Crypt.KW] [Trojan.Win32.Ranosm.215304[h]] [Uds.Dangerousobject.Multi!c] [Trojan.Crypt.KW] [Trojan.Crypt.KW] [Trojan.AVKill.60586] [Ransom_CRYPTESLA.YKA] [BehavesLike.Win32.PWSZbot.dh] [TR/Crypt.Xpack.434496] [Trojan[Ransom]/Win32.Bitman] [Trojan.Crypt.KW] [Trojan/Win32.Teslacrypt] [Trojan.Crypt.KW] [Win32.Trojan.Inject.Auto] [Trojan.Win32.Crypt] [W32/Kryptik.ERLT!tr] [Crypt5.AQBK]
8bd9598dbc54f7dd6683ff78c0b2183d	[Win32.Trojan.WisdomEyes.151026.9950.9999] [Trojan/Win32.Teslacrypt]
19e72973308f8346c3dc5684ec8f9ce8	[Win32.Trojan.WisdomEyes.151026.9950.9995]
63384347ea7cf0c0dfc35490fba29ed8	[Artemis!63384347EA7C] [Ransom.TeslaCrypt] [Win32.Trojan.WisdomEyes.151026.9950.9995] [Trojan.Cryptolocker.N] [Trojan.Win32.Yakes.pgxq] [Trojan.AVKill.60613] [Artemis] [TR/Crypt.Xpack.435157] [Trojan/Win32.Teslacrypt] [Win32.Trojan.Filelocker.Wlzc] [FileCryptor.IQF]
2934522366cfc9cbf1b69668ce962d6b	[Ransom_HPCRYPTESLA.SMJ9] [W32/Kryptik.EQMA!tr]

Whois

Property	Value
Email	shampooherbal.com@protecteddomainservices.com
NameServer	NS2JQZ.NAME.COM
Created	2010-11-09 00:00:00
Changed	2015-12-22 00:00:00
Expires	2016-11-09 00:00:00
Registrar	NAME.COM, INC.

DNS Resolutions

Date	IP Address
2014-11-20	198.57.244.171 (ClassC)
2015-12-05	8.5.1.58 (ClassC)
2016-03-16	104.128.239.91 (ClassC)
2016-06-21	199.59.243.120 (ClassC)
2017-01-29	204.11.56.48 (ClassC)
2018-01-31	208.91.197.46 (ClassC)
2020-05-10	5.2.87.161 (ClassC)
2020-07-31	52.213.114.86 (ClassC)
2020-10-19	23.20.239.12 (ClassC)
2020-10-23	3.223.115.185 (ClassC)
2021-12-08	3.140.170.126 (ClassC)
2021-12-08	3.13.30.100 (ClassC)
2021-12-08	3.130.106.42 (ClassC)
2021-12-08	3.142.88.123 (ClassC)
2021-12-08	3.130.159.8 (ClassC)
2021-12-08	18.223.6.186 (ClassC)
2021-12-08	3.138.218.226 (ClassC)
2021-12-08	52.15.115.237 (ClassC)
2021-12-09	3.129.144.67 (ClassC)
2021-12-09	3.136.48.51 (ClassC)
2021-12-09	3.136.82.155 (ClassC)
2021-12-09	52.14.207.16 (ClassC)
2021-12-10	52.14.108.229 (ClassC)
2021-12-10	3.141.79.18 (ClassC)
2024-07-20	3.130.253.23 (ClassC)
2024-09-13	3.19.116.195 (ClassC)
2025-01-20	3.18.7.81 (ClassC)
2025-03-09	34.205.242.146 (ClassC)
2025-03-23	18.119.154.66 (ClassC)
2025-04-02	52.71.57.184 (ClassC)
2025-04-07	54.209.32.212 (ClassC)
2025-04-22	52.86.6.113 (ClassC)
2025-04-28	3.140.13.188 (ClassC)
2025-05-01	3.130.204.160 (ClassC)
2025-05-10	54.161.222.85 (ClassC)
2025-05-23	3.94.41.167 (ClassC)
2025-06-28	44.213.46.149 (ClassC)
2025-08-01	13.216.111.180 (ClassC)

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]