malware.wicar.org
GRIDFURY-AS, US

Seen 10660+ times between August 15th, 2017 and September 19th, 2024.

---

Direct hits
Summary of pages hosted on this domain

IPs 2607:ff18:80::615 | 9583x 208.94.116.21 | 495x 2607:ff18:80:6::6a08 | 31x 208.94.116.246 | 4x

Domains malware.wicar.org | 10127x

Recent scans (10000 total) Show all

	URL	Age	Size		IPs
	malware.wicar.org/data/ms14_064_ole_xp.html	8 hours	3 KB	2	1	1
	malware.wicar.org/data/ms14_064_ole_not_xp.html	15 days	4 KB	2	1	1
	malware.wicar.org/data/eicar.com	17 days		1	1	1
	malware.wicar.org/data/eicar.com	17 days		1	1	1
	malware.wicar.org/data/ms14_064_ole_xp.html	2 months	3 KB	2	1	1

Incoming hits
Summary of pages that talked to this domain

ASNs AS27647 | 639x AS31898 | 3x AS33517 | 3x AS9340 | 2x AS59447 | 1x

IPs 199.34.228.69 | 641x 172.67.221.245 | 6x 168.138.216.227 | 3x 216.146.39.125 | 3x 117.54.5.10 | 2x 2606:4700:3030::ac43:ddf5 | 2x 2606:4700:3032::6815:2e06 | 2x 107.150.171.10 | 1x

Domains www.wicar.org | 641x www.troyhunt.com | 10x malwaretest.broke-it.net | 4x dev.klinikmatanusantara.com | 2x france.dyndns.tv | 2x www.kljb-maitenbeth.de | 1x

Countries US | 643x JP | 3x ID | 2x

Recent scans (660 total) Show all

	URL	Age	Size		IPs
	www.wicar.org/test-malware.html	16 days	680 KB	27	10	2
	www.wicar.org/test-malware.html	a month	679 KB	26	8	1
	www.wicar.org/test-malware.html	a month	678 KB	26	10	2
	www.wicar.org/test-malware.html	a month	678 KB	26	9	1
	www.wicar.org/test-malware.html	2 months	678 KB	26	10	2

Recent screenshots
Screenshots of pages hosted on this domain

Related infrastructure
Summary of infrastructure which pages hosted on this domain frequently talked to

IPs 2607:ff18:80::615 | 9583x 208.94.116.21 | 495x 2607:ff18:80:6::6a08 | 31x 208.94.116.246 | 4x

Domains malware.wicar.org | 10127x

Recently observed hostnames on 'malware.wicar.org'
Searching for newly observed domains and hostnames is possible on our urlscan Pro platform.

malware.wicar.org | 2017-03-16

Attention: These domains and hostnames were discovered through Certificate Transparency (CT) Logs and have been irrevocably published as part of the public record. There is no mechanism for us or anyone else to remove this information from the Internet.

Related screenshots
Screenshots of pages that talked to this domain

DNS recordsRetrieved via DNS ANY query

CNAME

wicarmalware.nfshost.com

Registration information

Created	November 7th, 2012
Updated	June 22nd, 2024
Registrar	PDR Ltd. d/b/a PublicDomainRegistry.com

WHOIS for malware.wicar.org

Domain Name: WICAR.ORG
Registry Domain ID: Not Available From Registry
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2024-06-22T04:50:41Z
Creation Date: 2012-11-07T04:14:52Z
Registrar Registration Expiration Date: 2025-11-07T04:14:52Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Patrick Webster
Registrant Organization: Martello Holdings Pty Ltd
Registrant Street: PO Box 101   
Registrant City: Concord
Registrant State/Province: NSW
Registrant Postal Code: 2137
Registrant Country: AU
Registrant Phone: +61.0404139246
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: patrick@aushack.com
Registry Admin ID: Not Available From Registry
Admin Name: Patrick Webster
Admin Organization: Martello Holdings Pty Ltd
Admin Street: PO Box 101  
Admin City: Concord
Admin State/Province: NSW
Admin Postal Code: 2137
Admin Country: AU
Admin Phone: +61.0404139246
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: patrick@aushack.com
Registry Tech ID: Not Available From Registry
Tech Name: Patrick Webster
Tech Organization: Martello Holdings Pty Ltd
Tech Street: PO Box 101  
Tech City: Concord
Tech State/Province: NSW
Tech Postal Code: 2137
Tech Country: AU
Tech Phone: +61.0404139246
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: patrick@aushack.com
Name Server: ns.phx4.nearlyfreespeech.net
Name Server: ns.phx5.nearlyfreespeech.net
DNSSEC: Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2024-09-19T09:38:28Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Registration Service Provided By: 

The data in this whois database is provided to you for information purposes 
only, that is, to assist you in obtaining information about or related to a 
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree 
that you will use this data only for lawful purposes and that, under no 
circumstances will you use this data to: 
(1) enable high volume, automated, electronic processes that stress or load 
this whois database system providing you this information; or 
(2) allow, enable, or otherwise support the transmission of mass unsolicited, 
commercial advertising or solicitations via direct mail, electronic mail, or 
by telephone. 
The compilation, repackaging, dissemination or other use of this data is 
expressly prohibited without prior written consent from us. The Registrar of 
record is PDR Ltd. d/b/a PublicDomainRegistry.com. 
We reserve the right to modify these terms at any time. 
By submitting this query, you agree to abide by these terms.