» a.birdle.xyz
Overview
Analysis
IPs Addresses (3)
Downloads (3)
Network (2)

a.birdle.xyz

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP

100.00%

The domain a.birdle.xyz has been seen to resolve to the following 3 IP addresses.

ec2-52-27-128-62.us-west-2.compute.amazonaws.com

November 7, 2015

ec2-52-27-128-59.us-west-2.compute.amazonaws.com

November 7, 2015

ec2-52-27-128-56.us-west-2.compute.amazonaws.com

November 7, 2015

File downloads found at URLs served by a.birdle.xyz.

1 / 68 (Malware)

http://a.birdle.xyz/hp/?q=9I2XTAWKHfeti34567S/Ksr1qixAp0JAOSoinPTsVuZsHbT6UCgiJ3qlSNYNBhUUD5I3Y2bETp2WNdcfoeqy7KQnWK4iB3u57C0PnqTa8iZw4YnbqJzMSPJgO0Zg1JD831cgAZOO5hCuU8UpUVVKOtYCgXfbxnRKsmreKSsh30tS3LSCdpntVAJTMfz5O0tstDuvrp9qxyZG u3bubxPZhvriJIY/2 I/6goCdKQK/9FiXJfFVvddRiZGNk2fuwQZY08nHZ8mAVVf5/m w5Wa4Vi4yTaZ5e4tQq /84LkKstPUgsNcrd/YeDaNOE4Ix9fLp5hbe9wcKTL03kscLM5n8Vi5X2cwVXrf44IiXvD/xjzAlqrIF0Jfw3hqnAt0OJ2CTRwLm H4FapNU1y3JpzhD0HlqFnzQPjhlD17WoksiaIcX9oiOrQ8OwTy6zx5Ug n5FNT1eTLEVWXEBQTGxFxXgGTOBm2bLDR/rUcwqaPUzvFUHyCCFvqbQDaRuuRDpyrTRDqiKWP64TFQhJ9uQU8yFf1d5v/.../&external_id=1435546600311776908 (userkey.psw windows 7 mediafire.exe)

1 / 68 (Malware)

http://a.birdle.xyz/hp/?q=Cp7P2qobhQ6XsKEG xnC2w/Mt6yo8agm1PQejiYx3smD/MPSMaaH8u v7BY p5/QOyswtsQSmu6kURDkJk4sQOJEohAbdAUtfTGPqv46NW5Ccnz6EpxR7Aq1Nw38fbWgxWvXr4pmY3SRC8CiULuGyezZxWvVJ6wis2IXJxHhdW3M iSvgDee1GulcTDbD5A/.../2HkZJE0YfPTeVSQYrPJY9wmzcWGcxlVnFwfFhJo 22EZ4VLpAKmVMJFgB4OPSKhrcJwUDy210OhFTSyMhmYsfFbYrzo96xw2SNlHLve0yRcCB5 w&external_id=1435546411943694481 (d3d-sf-free.rar.exe)

1 / 68 (Malware)

http://a.birdle.xyz/hp/?q=5pLnkDzuab4UW89/XZIYBTJareF4fnyXkJRYiNVSezvO9nBoFveh9cRXybAyU06GI 9eDitIsYhKRlySqQb5vR1wnkQiZhY9Y8GQNLkH8SMzXgls3ciW6hlX7JohByfRLhbIbvr601OJAUrbR2yWpU/CxcVEuQcf74LBgWBjVHbf8lcPzK Y7rpoo9J5zSFOw63ChsGano5vh5htKRQqd/FGMH/kCJ0bsPf4cNNMrLfNFmOjzVjNq8J9rQUf3M04gJMA2 UfRQrRWu2T5 QblzrTOdvKaTD4QDAzTv3L0iBE7cRkIvaPyafjhU9HT1vhGPSOEr77N3JWhP2M/6MycATDpsWd3QV8lr4LBzj6EagnKV2X2H2bkKPtocdCeVhw2XIG7A9R9k/oNhptXOiNeUnej3V1lp0eiFVX5hlV Y3h1VB6ZYMsUbEOApOEwwOqC 4MIlpXzT48yhSdywQ/3 FRlZ 7Dctg kqdncX6Gv5aUPCLbNQqghUUwTVQbbh99WnTNH/ vr5VswWdfRSa1Z6UvFRvPN/TldcSgRFRrrC7iqeLHwPkVRYNBaQfxeGUXpsF/.../B4QD2BokGyTU5y4npqg5BcNZpC0rX7SL77VtxqGMNOHJAZmhdNAJD5EphOqc2O6nEad37A1TwNH0YrtmgKZmmMW1STWzr9zNkSTmobv0dJrZ6LABRa5RFlQTvlbWRMaA85noLiC11l5RExYNr864Y6FntRuI4mq9 13El5RiJJqH3UaDjiAPF05Qa&external_id=1435554097078410979 (download.exe)

The following 2 files have been seen to comunicate with a.birdle.xyz in live environments.

TCP » 52.27.128.56:80

TCP » 52.27.128.59:80

TCP » 52.27.128.62:80

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.