» a.birdieu.xyz
Overview
Analysis
IPs Addresses (7)
Downloads (4)
Network (23)

a.birdieu.xyz

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:

Malware distribution (75% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP

100.00%

The domain a.birdieu.xyz has been seen to resolve to the following 7 IP addresses.

192.193.28.185.gransy.com

August 26, 2016

August 26, 2016

ec2-52-27-128-56.us-west-2.compute.amazonaws.com

February 11, 2016

ec2-52-27-128-62.us-west-2.compute.amazonaws.com

February 11, 2016

ec2-52-27-128-59.us-west-2.compute.amazonaws.com

February 11, 2016

ec2-52-26-142-209.us-west-2.compute.amazonaws.com

June 30, 2015

ec2-52-11-167-137.us-west-2.compute.amazonaws.com

June 30, 2015

File downloads found at URLs served by a.birdieu.xyz.

1 / 68 (Malware)

http://a.birdieu.xyz/hp/?q=LEu2Fbwskm76KdefABTWFG6QhMVXPCBIPgc4pFMG9/lKBmsxkykbrEA0WZM00R81Z0k2ejup02WC6tp7hAbZtE0G0H4E1Fh5kRdRafkmtSjRyCb/QbtBJfuItKtkNl4tFfyAbSzqH leGKhMMCgCIa0j1Vt fZpnAIkmhkO6Wo6bATs7L8NiIcvaKZz9NBUTYeoLnPMzHl6maG0K907pKRBg3HdPpcU2EdtSm/y4PtHJFLQO1bejOazI1GwA3iKi9ul5ghr3TGBVWTXXIs7n2ufySD19 CTb9UkYptWNoYzhOd5rLBSbZsB7TkDuxDe02L/gmPMRxQai6ZIY2zww0/K0JhABH113Lbn9TPg4JogDCYtCtT/nBMCsvWHBs888crShFTF4S6Y/Jy/uYeoFGCcsxv6mNCh7jZ6QdKWhyny5CMhlx53bUM c1bsy1JS5OzHLUuO69r1y7aQaSV6ziwTMoEA6CG4us/gxcuNdRWPCp6 tW xKy7oMfxR4kBlCsYqHr4RvXlk4It6/Hb8TaioqurJ5Atj/EysNUpbDWE hlzisOjxZuJRRwabshmRukrtS4GKRxeQ8uJwvPyVx8f24R6inzHEhIPpEx1dt6xgXdlRf7Or5OyxsuWD6u/7qkyknHTZt MdzZ16/Uw zcyhs5ebRuNZlqAwwsbyT cWFqUlosPh5Fq2ceiaIG8ZXIFVYd2EOoLdgXsNnEmZtQRR wKDU8LixlhYkCInPVCcI6iStiG0/.../ANzuff2amIBRyROxTSYhWSt0NoKtB2hqpv2lF rg3OPIlZ2N2ELiuctlQe3TcR1 CbEbYKJnE0P9HW2cOOrh8w9gsuQdtwdk&external_id=1435538789473341938 (microsoft office 2010 2010.exe)

0 / 68

http://a.birdieu.xyz/hp/?q=GAhCWpnbOGbc8ikg01AwzAnPPOfWY3Fjz2251y8cdmF235L8pnzfqey6nmz88wDVUb1YW24a5BvQZiEOsyDdWqGB8hDnjoi9d/nlgPVQVb2fuGgdRHBuTE51fmKxpKS9DBNfZJ3m1j9mNpjwgD9OaAYhfa37HJursYXpyuP9xI4fnUVF/tbOLZs2POA5/tOWjOmu9LvC6teb/Oz5zTxK6EgbXnslQQpgljfbCd8ycEI6xrWDtEqNBcMh1Bhd1ZRH1/u2EQos21VvTDzjnkXMFitrojCc5oa/v2E61N8mqCU/GobaTAwwWYiecIAZvWEzm391ELvJ3VZy sqWghvsY0FPwoeDi7QvQWoxdwJw5GdQu0hQC0F9AVxKaFZljxGuS0XJgaMpxPtJheDjy0vUE6rmiFyFs4os d/etCpj8ctSigMLICRyVoAf5XFPM09tV7HEnOkeKBYsg1/67Fp7iE04MfzKWa6cNdcAVmreyJq8z0o0YKtDzzBR3R/d 9QdaK8xhSgmOhePuJQ9H84d5pdh5TjopjaJQ B3Z/uiUEm0nsX3H2 kDKhOZbyTJmLyNQRag/p0t9OBsBKcafV2TWQJKa9F/KpoazwxgEn/5tBg6Znt2va2wO4nrt1pVI8r2KoFz7Y0 oTkw/jxnpy5Csm7NSkeGQy3qBXHhAx2PJ2cBmWqoNB6ofaFnMTq2mcydrOeyoyTEOBOxsIXoSK3wtdJPeBhvwGOzYhd/eBUuOsSFd9Vbd4M1sdk52VIW3dO SEzkHD5P4u3zyu3fpokTeAjYZt5OpfHpZRMqQiVJDiZv6rrJKRXNAZKfogpPp0TCvyandTktYUaz C/SEcMtNKuZAVq0aaVvLRdbqqb2/FGxSuccwk/.../IZDAI91G9m8MvZmFXhff OHPJSKuKhyW3mY0TG1JJAE3EtyLJPBB80cmM9T (battletoads_in_battlemaniacs.7z)

1 / 68 (Malware)

http://a.birdieu.xyz/hp/?q=ki2XTAXK0Np4Nqomjl4uWqkFN2jXGpH1I 81kCygS0pnz Mqrsw1zulw89wKBk5qyrcQH47kl9FX9t3m20EUjCO26yMQR6VjRFBGzYJofziLvt2HycPFINNzZeJSrUqN KFsb41TILUwm3z8opMe8UqHMRtfX7ShtVbbA5eOHWsmaCU6Ecns4zoj6418OlmfcHqEw49dCHjBjSsXNxdXk9Wte3uFpRFOJFqiaaRamn/jW56f/.../npJpRvq3AprkFY4LEEpuISULeD13GeYh7JI7lEHaDhNJ6ntvXT&external_id=1435538149202162260 (sheppard.exe)

1 / 68 (Malware)

http://a.birdieu.xyz/hp/?q=BSr3Hf6TFJZRuJLFHwoBMqpcLzFR/ChQgCfplNW00ZNd913K7LJJlTeXbmRAP6W8WRHIkpO6ooAvu5g2pCalJPg2nFGUFJxI8HXyCPSrodeRT0F8F1XyQAr38VU3DktegkMcVelN5lnbKdrr0Z8lXcJez0naYV8naSpIiB9JfwrFRC8s/fxRwOM9P1zNCG7Mn3cVzH6 rv0RmL3x5Vtiuq9n/okesxb4IWox9AORpa5cm/wF0/xB91GPmcz82E15Ph8a4G6ZeRhNrk04zSioj9Z8hWJIF0558DsboH9FiwSuu5xuRy8tVSgptX6PBWdi18N5D2U3TgB7katWDjWPdprLvdm qKPCMSWP/XwkDhSJrSaS/ 8VU4ZH9yZPpB1oAwox7IlJL4UzaPbUPs2R1x9EF95FOWvgMHeQb5DFpIBnvqiHNYmsL2tjNtdrZfXF4PNaJpcFFYBwYzXlFzkA hXGOg7zv0aYN1e Eqd0Wjp2ZBthBSLl6v5qRUfcncgnjdJSLDplidaS5nPki42GFEoKNdaX1mZvbFDIBN4N48ySTrMEH0BVNBPiI53f8aswLD6ks6QS2fWd6ra5vq5w2StsL81MY1DI64 pBGZ6Es512DUmmev2/11n/.../fn5S893GlYrZmCDw3cbLUALx6RMhnXkytKTHznjPDP4S8KSYec4w14oaEAt&external_id=1435540685901929722 (lightworks 12.0.2.exe)

The following 23 files have been seen to comunicate with a.birdieu.xyz in live environments.

TCP » 185.28.193.192:80

mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80

mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80

winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80

triggerlogs.exe

TCP » 185.28.193.192:80

TCP » 185.28.193.192:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80

winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80

online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80

Downloader.exe (Downloader)

TCP » 185.28.193.192:80

onlineguardian-v2.exe

TCP » 185.28.193.192:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80

d9re-markablep23.exe

TCP » 185.28.193.192:80

winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80

online-guardian.exe

TCP » 185.28.193.192:80

online-guardian-v2.exe

TCP » 185.28.193.192:80

update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80

windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80

windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80

windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000

buool.exe (LgGJSHMt)

Latest 20 of 25 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.