home

a.operatorteam.xyz

Domain Information

Server location:
Dublin City, Ireland (IE)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
operatorteam.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
90.91%

Dr.Web
Trojan.Crossrider1.40163
9.09%

F-Prot
W32/Ramnit.E
9.09%

F-Secure
Win32.Ramnit.N
9.09%

avast!
Win32:RmnDrp
9.09%

Microsoft Security Essentials
Threat.Undefined
9.09%

ESET NOD32
Win32/Ramnit.H virus
9.09%

AVG
Win32/Zbot.G
9.09%

Kaspersky
Virus.Win32.Nimnul
9.09%

Norman
Win32.Ramnit.N
9.09%

The domain a.operatorteam.xyz has been seen to resolve to the following 8 IP addresses.

31.170.178.179
June 7, 2016

185.28.193.192
192.193.28.185.gransy.com
June 7, 2016

54.72.130.67
ns1.ibspark.com
April 7, 2016

52.27.128.62
ec2-52-27-128-62.us-west-2.compute.amazonaws.com
July 16, 2015

52.27.128.59
ec2-52-27-128-59.us-west-2.compute.amazonaws.com
July 16, 2015

52.27.128.56
ec2-52-27-128-56.us-west-2.compute.amazonaws.com
July 16, 2015

52.11.167.137
ec2-52-11-167-137.us-west-2.compute.amazonaws.com
July 1, 2015

52.27.23.115
ec2-52-27-23-115.us-west-2.compute.amazonaws.com
July 1, 2015

File downloads found at URLs served by a.operatorteam.xyz.

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=mNNsrqohZK65Tg0123CbCu9BYaKyQDAyMXp3uvgAiFxrvAntdhXVD5VKHRTroUojeuR9QbtcrV3owcsgjhYqx3hM6VNor99nOyH977rMJlSrAcZljxUFxWegrLiseFJhRHI2X4pPw/Tmlgrqen LeJRvGp4tEvkKujbQ5tfBHGr6M2TtnAzJkd6GyDYy7M/OpuaB/dCHqsJgCZEVqtOQj6Vo6YNNPfvhXgXGVGn2mwZKHCd2lQNiJnuGaUkl PoQGjrEpHJFOnKNK K25j0Xoh/gBjd7fyGTlwe1D4JWxlVwJiqkE/ymraRpplp1mv9/.../MIj3pznomCzZphJedB7UmAYiUDGBYxBRoUdVBWdqno&external_id=1435588727605062958  (kmspico 10.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=OKjAtLm5udsLVrpnikdz/Ig/7BJxFui9xqiQwtNNL5d3svUvAOuF8aclJ72nsfmDCBOjrkpo3b90l6lJyvCgWKdadac1hRukS/wJ37FxBqCDK2X9bHVScsh4kx4F4MaHCl/mRBgVEB2hpsUqOn9V tMoyVvb6Re99M75vhVhEBT/OiYj8ty eOicmGBqK8tqUWhHVfn3JzTXANozN3penuMFwNftUv8AS4UFtu7hQUthbmY8ukX HV uo0k0pOlYqBDF/a TNq3ouQbWqQ8glkpHv6o4qRfhaNVx ogqsF4H8X7W1d6TTXiwc6 O12ugnf/Y95G5yNM4zZLtGR3eVFce8Og2TSuYrGbQJ MykSGTOW8fXT92xuozpkNMTgIYD54hF/M ZSyL55eQl/.../GR1NZimvYhL7k2&external_id=1435595189036013731  (download.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=iOGjhNZJXAH/jBCDWYRLi5yr82Hi ni9OED65gNNC0mC9vVrtSb08aZH0Xlrs3ywTzEjBtPxZd9n00oiXIBwMXGvtQ6tJm zVSsZsZOd9za5PhTuHBilGAaSid2qosYxSwM9Ovmzp0/APqlqpcqO p0B9P0rBazBkj8aUkjf15elieKNy4IO1MMdE64wqjcrXEczNh7X KtsnsxLdcoR0 e 0tddRmeKTa29cha9ZOAKoNY7dRjbp3jrX7GaBLY5bN2 nsWwfhiPTRZXy/c5nEmwAhz0giJk8rwXb 1OtZoP0B/.../dmVhpB4ptavasfJ3V9M5xroAjr8eDGfk4tJ4h7qc9FZnFn1RjvjZPpNSqOgZ3WVCyN&external_id=1435592182788154387  (download.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=f65VPIwm4YRvGfABCDNAdTGeXvok8uCbB6KyDzF6p4OS589jgBC2ZBkixv4aRe1ypi9ixJT9HBTt k6FmgiGpYK4W/9K1HcbwQC9gVrmbRUjy8M2sZR2gvBMn4Vh4kpfAMh98FP7bKJJHD4bmNIDst0 IRo8ITFCwCCnQFtcnYzmLcKx0giELU D7sfo1owND/FseEqNWbiQWVNYfI79QV/hnoXGJyZaTe3iAWp0qNUy0vRr Rb5fE5pbgLgtaKzsHH7b0 JFxN2J xBuAJR xkWI/.../KW8flB4N izkLm7zLpaBAZtS6LRs9tPzGbu4MHCnWuBawX3gseeODVZ0EUubbEJT4Vg59s0ILxrE7WWleYju2FSY3M6DA7cwSXP7YBBDTe 3Hb2TSvvJZYDgLNgwXO QBY4M&external_id=1435596178194757638  (the vampire diaries.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=niEmlS2WYGDBhtvqom2SxymIzGImtqFOq/uhc7ftuziISMobrjjVIxGYWlm4VjUrrWRHDKvoMbYg5kRJx/Tutd0ya/VEgxEPNpYYYOwmXC9tmfKUidaSsTK3JwkiFEyXJu6CZ2DLbFDJZgdU5/MnrZ d3MezA9ql9FPjFqF0R5Zg2m235liuzjxBCcsy3lUYF47MpyOEVf00Cy95/.../0s86wmu8nYWzvrd9janqtM6wJxnJJoNOfJmtD5155HY6jaSH vUyt0Ns0yqWJbn NgmeXy1d7Z0EavbeQjzF8jtS5EgEZxmx IjnXBNsmF1bXyi2nF4q t29p2FPzo3&external_id=1435590941322358196  (hotstar.exe)

9 / 68      (Infected)
http://a.operatorteam.xyz/hp/?q=2D4TNT5StSoRZTVNPRxw71wtqIs4NMxKXgj4C6q 24jVKB3gOU464CHqybTdP9nCDwaIKMov8Y4TA/aDpJHy347AZpYdP6WIcfPFMceQMI4fc2MFapVdrR7hELx/jEehraGY9nwYU6iGMgCF7qy67x3mgeJglK8jW2w895Y4ojvdPt42dmLKziRPG8LarK02344ePG/VQEjrYzm9hpBP4jSHhjukXl1oiQ45bi7F7kKcgcp0G2ynIp072wxc2Ucsxdq9Tsz10CnRlGffz7UREQP9wI2bAOO4fm230F/.../K4Gboia954Yl8Biayql R&external_id=1435589379672786812  (download.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=u/EmlYlda/2MF56789MficfB/EBt/jvwzmw2Af4lBSorfDAPO8 aFjvKTTCjcb9YQeTD3ZH1cSfuQpCbJIcAa0RLul7VBQG9Kwk/.../9Eox8heCQT 50sbKgwLEc6CHd7MrbYgs7GRbfJ65kGtsmD9j0ZwlL29oCeVD&external_id=1435594540442388049  (fully_cracked.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=KvYGAZ06269tF89/.../R 5GWiS97Awm7LJRFjlHvCMVtvyp9yd7uG3eqmIVlshC&external_id=1435594909472719559  (q_param_here.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=SxhCWpnbV8BwC/XZTVEzufa1Tb35rkpgrDtCfQzLt3DwQ7StpAAWhNBo0DK8id2xQrsZoAqjLW4PbJIW55n8FzzOPCaDP/HI2Vs3vToQor6hJw5r8vMcLn7QxMNg1twqM2gD LcQeWPA1lc4rSFNd7prM26jhXV/vHEHagKA5d35LkIkn W9zqoIsJGPoy3A45s3hhDjVfDjRaPpDivEryevFPCJLTnaitfO2wQHDMOOK/NLAmwM7iEjQxxRWFOLMnTxtnpdeCVmBlJIewE3sy7WgGHl7Y2A4DrHiH2ENjoyJIx/.../&external_id=1435592957903689491  (hotstar.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=SxhCWpnbV8BwC/XZTVEzufa1Tb35rkpgrDtCfQzLt3DwQ7StpAAWhNBo0DK8id2xQrsZoAqjLW4PbJIW55n8FzzOPCaDP/HI2Vs3vToQor6hJw5r8vMcLn7QxMNg1twqM2gD LcQeWPA1lc4rSFNd7prM26jhXV/vHEHagKA5d35LkIkn W9zqoIsJGPoy3A45s3hhDjVfDjRaPpDivEryevFPCJLTnaitfO2wQHDMOOK/NLAmwM7iEjQxxRWFOLMnTxtnpdeCVmBlJIewE3sy7WgGHl7Y2A4DrHiH2ENjoyJIx/.../&external_id=1435592957903689491  (hotstar.exe)

1 / 68      (Malware)
http://a.operatorteam.xyz/hp/?q=Y/vcGedCMCUAxMOQIKsakQq96Mo08/fdU0ovRDMw2sPmV jhYdz0khtbH4yFsd0GCvpY3EjIqecTRFyVoRQ4W7P/HeUVHQ7mZl0jL6s45niFd6f3EwU/2tf1kjVdYGXUCgSzZULMMbcEcJnSBuCJWnwrFXIyucthpwKpvEzPNMaI1LIF/GCetqg176PtWraPZopRaC9wlDsRLCaAcn E2ytCTLFtjTS1/gBQRexwRuJ6U19FERipsXSs5ZMAWQCXX9b0Qd/ZdhPSQtpTsulotSv5Ta4ZFFxMlxOgySSU6gxGLHmNUX/EjP87k02PzoKoqvM9242nkshLOINRUC8aRHDf4cGRU98gPvc/x14rY9N7OwnwnmrXAE/.../S65jZzBgRWPPHU9ThX1I6aqE YiLOro6&external_id=1435591443530645959  (teamviewer_setup-ioh.exe)

The following 163 files have been seen to comunicate with a.operatorteam.xyz in live environments.

TCP » 54.72.130.67:80
simplefilesupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall12590625.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall5322109.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall190602.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
googleupdate.exe

TCP » 54.72.130.67:80
browserserver.exe

TCP » 54.72.130.67:80
sm.exe (System Monitor)

TCP » 54.72.130.67:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.72.130.67:80
uninstall129231.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 54.72.130.67:80
sfupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 54.72.130.67:80
TBNotifier.exe (Ask TBNotifier by APN)

TCP » 54.72.130.67:80
pepperzip.exe

TCP » 54.72.130.67:80
internetenhancer.exe (Internet Enhancer)

TCP » 54.72.130.67:80
ssn.exe (ssn)

 
Latest 20 of 179 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.