Dear Sir/Madam,
In the last 48 hours through a fishing wave a new hazardous Cryptolocker starts to attack Turkish users. I hereby present related fake URL addresses, IP blocks and screen shots. Related fatal is added to Comodo forum and our automatic analysis system.
Please see below the detected fake URL addresses onwards attacks:
xxxx://turkcell1.com/f7a9qs7o.php?id=bmF6QGdva2NlLmF2LnRy
xxxx://iturkcell.net/u9j7rphw.php?id=Z29ya2VtLmdva2NlQGdva2NlLmF2LnRy
xxxx://turkcell24.net/klqxm94b.php?id=a3VicmEuY2VsaWtAaGl0aXRndW1ydWsuY29t
xxxx://turkcell-efatura.com/dbnugka.php?id=Ym9yYUBnb2tjZS5hdi50cg==
xxxx://companytutorial.com
xxxx://mycapitalinbox.net
xxxx://e-turkcell.net
xxxx://turkcell1.com
xxxx://iturkcell.net
xxxx://turkcell-efatura.com
xxxx://turkcell24.net
xxxx://turkcell-odeme.net
xxxx://firsttutorial.net
xxxx://listmail-guru.com
xxxx://turkcell24.org
xxxx://letterbusiness.com
xxxx://business-letterpro.com
Domain Info:
Domain Name: TURKCELL1.COM
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Sponsoring Registrar IANA ID: 1606
Whois Server: whois.reg.ru
Referral URL: http://www.reg.ru
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
Updated Date: 25-jun-2015
Creation Date: 25-jun-2015
Expiration Date: 25-jun-2016
Domain Name: turkcell-odeme.com
Domain idn name: turkcell-odeme.com
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Domain ID:
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date: 2015-06-29
Creation Date: 2015-06-29T14:29:47Z
Registrar Registration Expiration Date: 2016-06-29
Best Regards,
Sarpkan TEKALEV
Technical Support Specialist
GeekBuddy Turkey