» any-unix.xyz
Overview
Analysis
IPs Addresses (9)
Downloads (19)
Network (26)

any-unix.xyz

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP, PUP.InstallCore.Installer.Installer (M), PUP.WebPick.StepanRy (M)

96.88%

Emsisoft Anti-Malware

Gen:Variant.Adware.Mikey.9896, Trojan.Agent.BIMG, Gen:Variant.Adware.MPlug.33, Gen:Variant.Adware.MPLug.35, Adware.Downloader.BA

25.00%

F-Secure

Gen:Variant.Adware.Mikey, Trojan.Agent.BIMG, Gen:Variant.Adware.MPlug, Gen:Variant.Adware.MPLug, Adware.Downloader.BA, Adware.MPLug.GT

25.00%

AVG

Adware Generic_r.ABT, Adware Generic6.AACT, Adware Generic6.XOC, Adware Generic6.AACA, Adware Generic6.AABX

25.00%

MicroWorld eScan

Gen:Variant.Adware.Mikey.9896, Trojan.Agent.BIMG, Gen:Variant.Adware.MPlug.33, Gen:Variant.Adware.MPLug.35, Adware.Downloader.BA

25.00%

Bitdefender

Gen:Variant.Adware.Mikey.9896, Trojan.Agent.BIMG, Gen:Variant.Adware.MPlug.33, Gen:Variant.Adware.MPLug.35, Adware.Downloader.BA

25.00%

G Data

Gen:Variant.Adware.Mikey.9896, Trojan.Agent.BIMG, Gen:Variant.Adware.MPlug.33, Gen:Variant.Adware.MPLug.35, Adware.Downloader.BA

25.00%

AhnLab V3 Security

PUP/Win32.MultiPlug

25.00%

Vba32 AntiVirus

Heur.Malware-Cryptor.Multiplug, suspected of Heur.Malware-Cryptor.Multiplug, SScope.Adware.MultiPlug, Trojan.Badur.aemok

25.00%

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48, PE:AdWare.Win32.MPLug.b!1075357039

25.00%

Lavasoft Ad-Aware

Gen:Variant.Adware.Mikey.9896, Trojan.Agent.BIMG, Gen:Variant.Adware.MPlug.33, Gen:Variant.Adware.MPLug.35, Adware.MPLug.GT

21.88%

avast!

Win32:Adware-gen [Adw], Win32:Dropper-gen [Drp], Win32:MultiPlug-ZC [PUP], Win32:PUP-gen [PUP]

21.88%

K7 AntiVirus

Trojan , Unwanted-Program

21.88%

NANO AntiVirus

Riskware.Win32.MultiPlug.dphzdd, Riskware.Win32.MultiPlug.dqbogp, Trojan.Win32.DownLoader12.dqbfpz, Trojan.Win32.DownLoader12.dqbogu

21.88%

F-Prot

W32/S-6525aa7f, W32/S-4e2dc9a3, W32/S-18a34712, W32/S-42f8a357, W32/S-5d0572ce, W32/S-b5cfd0ac

21.88%

The domain any-unix.xyz has been seen to resolve to the following 9 IP addresses.

June 4, 2016

192.193.28.185.gransy.com

June 4, 2016

ec2-52-27-128-56.us-west-2.compute.amazonaws.com

January 31, 2016

ec2-52-27-128-62.us-west-2.compute.amazonaws.com

January 31, 2016

ec2-52-27-128-59.us-west-2.compute.amazonaws.com

January 31, 2016

ec2-52-11-167-137.us-west-2.compute.amazonaws.com

July 1, 2015

ec2-52-26-142-209.us-west-2.compute.amazonaws.com

July 1, 2015

ec2-54-69-228-231.us-west-2.compute.amazonaws.com

May 6, 2015

ec2-54-149-241-47.us-west-2.compute.amazonaws.com

May 6, 2015

File downloads found at URLs served by any-unix.xyz.

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=Snapchat&file size=&product_title=Snapchat&installer_file_name=Snapchat&product_file_name=Snapchat.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe (5ce348241c2349caeea2e64a138e112e)

1 / 68 (Malware)

http://any-unix.xyz/download/v22597?installer_file_name=Candy Crush Saga&product_name=Candy Crush Saga&product_title=Candy Crush Saga&locale=XX&file_size=&product_download_url=http://www.andyroid.net/getandy.php&st=0&IX_Startapp=1&self_redirect=0&project_name=AppsForPCMero&layout_id=8&product_file_name=error.txt&filesize=&reffer=http://appsforpcmero.com&for_html_installer=1&uuid=gPmqBS8OBWYZ0BsvU9NTstphd03mlLodlhonjCRkTmnPEueDNWFHiHpunhNFwox3xRMd29PmOZi4aRDYNjslU6X1bsC8VgsWbVCHV3MPIIVLsfuXnuit8meaLLIkWEwPOdjkbj6kihA26Y5tf7TwCYTqczd0XUEPkJW8AkHDDj1s0EaAm89Yqhuo7q4SSMUrpInrIaMH0cjFMukdAMBrEGBYZiIirYCBCMMtxaAjceDnUkMRsn4NOqgguthM8KpiML8AlT8F8JPjFNPaKFKvSNX1x7xc2potXfTNkgLSLuMp0CT6zWfByqGR3r3L2vrutKgPk63dkrUTpi6IhjkXofC6fhnNKVDObtfTjtuWO5B3zIp6Cq1OSI2aB3XsFYlhIMa3fcw2LOWVrCxWBEAgElsTvB0lPTTIjlizNI8wC0DOJtH2zGfBEmgCcDlukGjsSuLxqsVSJanrGYRGBJsirEDhnhuahyaCyZckghItpuAMuJ9aUYN7ZFIoRChtQ0Hvhx03qO5Aczy7z38s5teSROQOVA17Uba9ep33cYYLnSkIpIyGJNFi4k38Z5zF5INsdN7Qvzq1Mup5IoaH68yfwlvyPpVJ7U5HLOEInwQrbC (candy crush saga.exe)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=Clash of Clans&file size=&product_title=Clash of Clans&installer_file_name=Clash of Clans&product_file_name=Clash of Clans.exe&product_download_url=http://.../getandy.php (eed7b7faefb8dc6b584815fa86d98dae)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=Temple Run 2&file size=&product_title=Temple Run 2&installer_file_name=Temple Run 2&product_file_name=Temple Run 2.exe&product_download_url=http://.../getandy.php (6a32b0685d058ce7c17adc942b529ae8)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=Subway Surfers&file size=&product_title=Subway Surfers&installer_file_name=Subway Surfers&product_file_name=Subway Surfers.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe (3ec84abb6795bf775a79b1ad1b083304)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=WhatsApp&file size=&product_title=WhatsApp&installer_file_name=WhatsApp&product_file_name=WhatsApp.exe&product_download_url=http://.../getandy.php (3709655c8ef4719ea912fb0757bae209)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=Hay Day&file size=&product_title=Hay Day&installer_file_name=Hay Day&product_file_name=Hay Day.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe (776319492f7a05bf805e132eeb4c06d4)

1 / 68 (Malware)

http://any-unix.xyz/v22597?product_name=Clash of Clans&file_size=&product_title=Clash of Clans&installer_file_name=Clash of Clans&product_download_url=http://www.youwave.com/.../YouWave-Android-Home-3-22.exe&locale=XX (clash of clans.exe)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=YouWave&file size=&product_title=YouWave&installer_file_name=YouWave&product_file_name=YouWave.exe&product_download_url=http://www.youwave.com/.../YouWave-Android-Home-3-22.exe (7016228a415ff0f9fc806055e3bdad16)

1 / 68 (Adware)

http://any-unix.xyz/v22597?product_name=Candy Crush Saga&file_size=&product_title=Candy Crush Saga&installer_file_name=Candy Crush Saga&product_download_url=http://.../getandy.php&locale=XX (candy crush saga.exe)

1 / 68 (Malware)

http://any-unix.xyz/v22597?product_name=WhatsApp&filesize=3&product_title=WhatsApp&installer_file_name=WhatsApp&product_file_name=WhatsApp.exe&product_download_url=http://.../getandy.php&locale=XX (c46b4e89e498d7986833eeb299a835de)

1 / 68 (Malware)

http://any-unix.xyz/v22597?product_name=WhatsApp&file_size=&product_title=WhatsApp&installer_file_name=WhatsApp&product_download_url=http://.../getandy.php&locale=XX (whatsapp.exe)

1 / 68 (Malware)

http://any-unix.xyz/v22597?product_name=Line&file_size=&product_title=Line&installer_file_name=Line&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX (line.exe)

1 / 68 (Malware)

http://any-unix.xyz/v22597?self_redirect=0&product_name=BlueStacks&file size=&product_title=BlueStacks&installer_file_name=BlueStacks&product_file_name=BlueStacks.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe (727b3ccf144fb23dfa6f726ddf13e7ce)

1 / 68 (Malware)

http://any-unix.xyz/v22597?product_name=Clash of Clans&file_size=&product_title=Clash of Clans&installer_file_name=Clash of Clans&product_download_url=http://.../getandy.php&locale=XX (clash of clans.exe)

29 / 68 (PUP)

http://any-unix.xyz/v22597?product_name=Clash of Clans&file_size=&product_title=Clash of Clans&installer_file_name=Clash of Clans&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX (bb80.exe)

29 / 68 (PUP)

http://any-unix.xyz/v22597?self_redirect=0&product_name=Clash of Clans&file size=&product_title=Clash of Clans&installer_file_name=Clash of Clans&product_file_name=Clash of Clans.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe (98e44033915fa16d57e42b60b976b4ac)

21 / 68 (PUP)

http://any-unix.xyz/v22597?product_name=WhatsApp&file_size=&product_title=WhatsApp&installer_file_name=WhatsApp&product_download_url=https://.../&locale=XX (whatsapp.exe)

15 / 68 (PUP)

http://any-unix.xyz/v22597?product_name=Snapchat&file_size=&product_title=Snapchat&installer_file_name=Snapchat&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX (E6F0.exe)

The following 26 files have been seen to comunicate with any-unix.xyz in live environments.

TCP » 185.28.193.192:80

mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80

mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80

winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80

triggerlogs.exe

TCP » 185.28.193.192:80

TCP » 185.28.193.192:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80

winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80

online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80

Downloader.exe (Downloader)

TCP » 185.28.193.192:80

onlineguardian-v2.exe

TCP » 185.28.193.192:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80

d9re-markablep23.exe

TCP » 185.28.193.192:80

winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80

online-guardian.exe

TCP » 185.28.193.192:80

online-guardian-v2.exe

TCP » 185.28.193.192:80

update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80

windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80

windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80

windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000

buool.exe (LgGJSHMt)

Latest 20 of 28 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.