» a.websited.link
Overview
Analysis
IPs Addresses (2)
Downloads (2)
Network (3)

a.websited.link

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

websited.link

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP

100.00%

McAfee

Program.MultiPlug-FXP

50.00%

avast!

Win32:Adware-gen [Adw]

50.00%

Sophos

PUA 'MultiPlug' (of type Adware)

50.00%

K7 AntiVirus

Unwanted-Program

50.00%

NANO AntiVirus

Trojan.Win32.XPACK.drdyks

50.00%

F-Prot

W32/S-3914999c

50.00%

Agnitum Outpost

PUA.MultiPlug

50.00%

AhnLab V3 Security

PUP/Win32.MultiPlug

50.00%

Vba32 AntiVirus

suspected of Heur.Malware-Cryptor.Multiplug

50.00%

ESET NOD32

Win32/Adware.MultiPlug.JR (variant)

50.00%

AVG

Generic6

50.00%

The domain a.websited.link has been seen to resolve to the following 2 IP addresses.

54.149.241.47

ec2-54-149-241-47.us-west-2.compute.amazonaws.com

May 7, 2015

54.69.228.231

ec2-54-69-228-231.us-west-2.compute.amazonaws.com

May 7, 2015

File downloads found at URLs served by a.websited.link.

1 / 68 (Malware)

http://a.websited.link/hp/?q=6BNsrqq0YtZXxRJLFHqk9gHFV0qEFTq6YAgGeWstllNM3NgiLZuixhWhMVDaJwWK5C5tLtjVX/P7cERqTiIb6grns3sbEoxk/PqMb Wl6xdDNjXJpdi5105W tdhXKdloLueGWtcgTuTMPCzGUqMQCNmUAdOMlixfqvXuNftj0hS7R/mihcJiFA2WQ6XBe7YRjoV6rL6Yd14fY35ESrezgu0L6BIvec54 O6/p8ZrQpgsdfoWAYWA/YhZXFNT/S0tDyVeM8ybKUBEbHK1yNN5T61tDoBScpg6gmCeXoZS7RKXg6eQiWcaSgLh0hZUJchJAO6X41507 DBtfIFDKXyBUZOoXv0HKmCEj3uYJfCe88EAcmUb1M7qoO5Bte14yTMnEfp0pdjBn9x1fLdvutMByOtCozWsBmQFqM/L4t5djIf6J2EkBXStj/7quJhEkmycboXgsJi43Zjbhddxpl4HNli2MHJpMqaB7mqU2v9ctlvDWirPKX68ns/h2u6I5AFAYyfjySZ526Lf4Mm KAvGC7BmIVwQ0SZzUTg1CbpQ93vA5IP9fYG6OMhZbf9oocryH4KYiDqX2Stcz0NrzUqaYMSOZHhzVeqs/L2LPFGaPAgPT9HYysX4Moo4C5NfHCZqwiUiWpQlUth2PlZX5jTqkzb6JpwexxTX2cZv126UL5wihf5W/Kmuvjs0N5fxxPNSCIRcPtpjR5jHFM00GzgUGI9aHRIoGtrvdjvW3eUEeC5k 3yX/kJLNAml8kL44J/.../ROqPKZ4vnLa9Ag 6K 4 dLelu4d2mScJrX6Hpl7&external_id=1430373528661030123&uuid=6ljrHEf0KGiYroPjSsH4BdFURWoplD8 (imo free video calls and chat for pc.exe)

12 / 68 (PUP)

http://a.websited.link/hp/?q=7rxhIySQ6cRMwysurpaJSuH39r7/HuxWDp1P5NXdjeTGaTKmvIchqOeOX K6ntTRGmJGPOCnQ5 b// atFzI3p/UDT52dlJxU9RwMNQXXHekfKfuI0QNP2xm2ZVm0FVxhzLEpn wBVvbHrQv qc5RRm82v4PFDPMlWwBpBDulb26VYCbwRgk9ihMeSVrSCoVdrfHWWnaeyZPvol/ixScALxSF1zM6yqSkfxu1jMrXO rb1CuKSEQQ3PjoLUAuH 5YZK6VZijlYi9fVxw5MLn0PRtM3dg2JLFTASSVWHyf4q/ksfB/M3jKuA2Zrcjh852TmFWPIYrkPszv MiE/M B2sc1WctfsWCses6m157vCzzDT0fCo2yd56m8YnOTpeiRUDgGHgaiV5FSekFV224EtUgfgjPmueUrTEPIXACTIwChpc6NzfvAGxiRe4ToakVT bxADjeGyDijjyIbFUbg/zg81MVphjCmeXg52D6OpQuLd6Yd1FErbwLtPWWrCqpbEmgzeX4rKtbemc8ul1XsNA62uMXDjrSOVQFOKrwLCDabR2W7EK43xj p 1LScsEAiShyMgG6RoU4dsSmocAbN8YOazxbDWkrXrqBOa4jHXRlxuqKK3qYXUnNzYEcFZWarIKkjOOxBEPu6U/ripxeqcKgMDjridvo/XuFEfTDi7kY1WNgW5JV5gNhkn qiKGzhrwc ZVBhFoR6/a0dfpds4ds16sCMsN74x6Yi OUDcWu4MBGTRjfvpmMfIvlRznI4SDTbCU0Pow0WPyN5jQb i88bwGk3V5B0aSahppaQq8tlpw4Kk8TATzosLEZRBOURacwTSSOqxJR4kXglNVJkNdbe /.../s1NiVjQ4I57P8Z8xPTaP00ShkYZ5b6551HWdO2Z1YtGiogDo6ivvu6g4MOOb7wbYBgssYrePgqitUC (skin.trade.2014.720p.web-dl.mazika2day.com.exe)

The following 3 files have been seen to comunicate with a.websited.link in live environments.

TCP » 54.149.241.47:80

papers please v1.0.41 setup.exe

TCP » 54.149.241.47:80

installer_game develop.exe

TCP » 54.69.228.231:80

download.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.