» b.always-wind.xyz
Overview
Analysis
IPs Addresses (10)
Downloads (9)
Network (166)

b.always-wind.xyz

Domain Information

Server location:

Dublin City, Ireland (IE)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

always-wind.xyz

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP, Threat.WebPick.RodionVeresev, PUP.WebPick.StepanRy (M)

100.00%

McAfee

Program.MultiPlug-FWG

33.33%

avast!

Win32:Adware-gen [Adw], Win32:MultiPlug-ZI [PUP], Win32:MultiPlug-ZD [PUP]

33.33%

Avira AntiVirus

TR/Crypt.XPACK.Gen

33.33%

Lavasoft Ad-Aware

Gen:Variant.Adware.Mplug.36

22.22%

Emsisoft Anti-Malware

Gen:Variant.Adware.Mplug.36

22.22%

Dr.Web

Trojan.Crossrider1.25958, Trojan.DownLoader13.3147

22.22%

Sophos

PUA 'MultiPlug' (of type Adware)

22.22%

Zillya! Antivirus

Adware.MultiPlug.Win32.293066, Adware.MultiPlugGen.Win32.1

22.22%

K7 AntiVirus

Unwanted-Program

22.22%

NANO AntiVirus

Riskware.Win32.MultiPlug.dqzxyd, Riskware.Win32.MultiPlug.draadz

22.22%

F-Prot

W32/S-6e476ff7, W32/S-2ece0b92

22.22%

AhnLab V3 Security

PUP/Win32.MultiPlug

22.22%

Vba32 AntiVirus

suspected of Heur.Malware-Cryptor.Multiplug

22.22%

ESET NOD32

Win32/Adware.MultiPlug.JI application, Win32/Adware.MultiPlug.JH application

22.22%

The domain b.always-wind.xyz has been seen to resolve to the following 10 IP addresses.

192.193.28.185.gransy.com

July 8, 2016

July 8, 2016

ns1.ibspark.com

April 6, 2016

ec2-52-27-128-59.us-west-2.compute.amazonaws.com

July 26, 2015

ec2-52-27-128-56.us-west-2.compute.amazonaws.com

July 26, 2015

ec2-52-27-128-62.us-west-2.compute.amazonaws.com

July 26, 2015

ec2-52-11-167-137.us-west-2.compute.amazonaws.com

July 1, 2015

ec2-52-26-142-209.us-west-2.compute.amazonaws.com

July 1, 2015

ec2-54-149-241-47.us-west-2.compute.amazonaws.com

May 6, 2015

ec2-54-69-228-231.us-west-2.compute.amazonaws.com

May 6, 2015

File downloads found at URLs served by b.always-wind.xyz.

1 / 68 (Malware)

http://b.always-wind.xyz/hp/?q=l/VyuxYFM1ZzysurpnbZ2M8c94weFoRqPHNxgKFFolMHcflYauPMg6gxBEJhQ7EzB9Xw6OivJTVL99y5/YrkL0HxbGPT xdhPHRxhMf305FYMo54HrqOG2pftKa/NHV1V XiRSxk2wgl5ZpSYjb/2QNxY9p6pAtdCS26VtTlQRyAFmjpfeu7b9nevlVzKJBd1xlVdrUTubhd2j7h77lb mbaQnGRxVFMgPWoYtNmUhShuIZsB3FMlz3ZMAIkDFxVEkAihol520mAnx/M0sJhyrEkcV1QccZlhhODo43njQy8f9exOSGXuU1RtDKJ 1pxhXCNAkJcm PrRVv1kzZ iyIXSr5RJ3lp5ZyCvNnd9bfDIppERni7kLo46VMJ peauRlwS6JGPh6d8y7pf8QGYPH44Zu46uLbkPkn89Nprd5idhBhqdNX0ydyrf/FfPNl7sOFq6vqQpCKBnd82IlEVwG7mUcB3qVp1JCOaSR5g/qM4Bhvuytf29UsrEjWGQfr9YIgEyYrmPAVUynExNWRAbdD3awGXQ8MQG/MiLAinDChMVcAVHR1nY7j1TYRqVTq7 27d7YiibBtlLbcFt0D9U5VNLv1WG4w2JtjTq8SYKsXwWJcjLXbEHnrc8w1PQRf9oOeTzHRP4FbgRD97dh/0ZHgTCu4GL kYgD0UoZ0wCmWwb0V42IJ CYkWo2F2y/wCS/kQnFCFTA9H6 xFRcnD3N0g7aW/.../Mu8LmIn8l6EdHfpl1r50CoGrkVRUg9YTPdnWcUcNiQh1hiv0s0BISblbGu2lHbeTlQ3LmVFqZxWbCtg1wzNq5czjTCgHdXLnLBTaSSq8ahXWwkQJ87oii2CQh0PJVlV8SVIV6BHskpnb3jqS4cu8egGifhV4ooy8axt98aA5tgR21cRj3 XlwAOImusmXgntgS14ksFPa8VYHPFou&external_id=1429958 (pokemon_leaf_green_version_usa.exe)

1 / 68 (Adware)

http://b.always-wind.xyz/v2921?self_redirect=0&product_name=???? ????? ????? ????? ?????? ??? ???? ???? ???????? ???? ???????? ????? ???????.mp4&file size=&product_title=???? ????? ????? ????? ?????? ??? ???? ???? ???????? ???? ???????? ????? ???????.mp4&installer_file_name=???? ????? ????? ????? ?????? ??? ???? ???? ???????? ???? ???????? ????? ???????.mp4&product_file_name=???? ????? ????? ????? ?????? ??? ???? ???? ???????? ???? ???????? ????? ???????.mp4&product_download_url=http://r9---sn-5hn7sne6.c.youtube.com/.../mp4&expire=1430001806&key=cms1&sparams=dur,expire,id,initcwndbps,ip,ipbits,itag,mime,mm,ms,mv,pl,ratebypass,source,upn&signature=252370679FA2559AF91E6789D2B (- .exe)

1 / 68 (Malware)

http://b.always-wind.xyz/hp/?q=1JEmlYleyoqpdefABCVey5CRRgkZHkHAA1dyUCPkCFXN9YIu6vcA7il P3wBYfceQ62VFOSoOgZpiS9/8OvuIWWap9ZufvsJABkhRMnu/ONVYLxNsKbU2nzl/6pPI33WZ EKdhsDNnCHn8BfwmQcwJQB06DD5PAHpYaH0Yzkxd0GOZ8Th3eSvQNfgikXCcPZfCsvXNMOMXY9L8nS4O/.../NfdjairWGXJmxMLEirsLuZdlSUBGSNXssgqBECWZhwOj5JROqz7seCJsL9bLbOE7qcsX4dtMWo1LrVN wdkqgxFCUD7GSG7hXFMf6a2jS&external_id=1429966814842037392&uuid=H97IwIyU6ygQSIpqQYVYNT81xjQ9WIT6nHs7Ypr8GZUGWafYNVB47FavlFGxuss2feasTgRFDgoP5QqlIVnWP9ajVfRj2WbhDbvrJMfsXPtI4IzZ1Hm7fZbd8gzLZL09gduIbTJWRCJheJ0YiFF4EuEvVQ88X4aciZMmMUJc1gR4BLywaL5UBKMjsvVRHw2wTZfK4ZcGu8be6hlaaUAK5htoPObbV3hZK8inZcY54nGmwIPm463SeSPurI6eHjtYtwAmPTobuiIRMhAWpaCUsrgukSgU6YiC4RVNkRlxlMYpUwDhHTjuH0rtBqRohtbhI0WRQvniGqPpeeQbzi0D0ww3gt6hvbtSOxsIuDlJGkqdskZQlaCw7HjjxTMLOu3f5YKA8mL9HBqhwLfat7L8S9vYR0brjCrb72wcvEknUVJXLEccqotH4cpJu3Lrue23IzGdp1XXLq54jOCipi1Fq1wbtkeIrYFQUVfogja0mb7pcLWsNhF8qLt7ALHBRVOk5morzUJUIW6sAo19dXpQKvuqNIoELpEPDPIUYK4Tgg7wS6rZ6OML3VsACSsWBUm1HIGSN2KKFVQhghWOwFP7gTo60r (8.exe)

1 / 68 (Malware)

http://b.always-wind.xyz/hp/?q=Zvp4wDzvg0YpVDWYSULN2LR4mJ7TIc0uBgpmfabPapBydlf/Yeb iGqbUiBpfmzWTa4BY/SI5T070RMi4oqEHVuTZdAEdo41CifSbTrVtffWTkJqib5f2rmu2ItOWIfwVzfkWWszOqEro/tz MoBWGShFTrka3f3ziL3JtIE8zZxa4aICGmNbTuY20rR3cMJK1JLLdfQ2iwPzHngaINletmykEnEUiEgX8Yj4i/V hAaeZUh/6WQ8ozp6gLLWnRCSf3xnmOfAhqt1qzdzdUYL/UPJm Ikp/mz/pGHfGlnAPPjLHLfB/h9jZY1b5B57TS1egmOajD9usxky4PGXwg6HJt9N9lFIfZR5/np8WgPHD77fjXcM1O8eKfp9dJP1D6dAqnINRE8lcSLrzwtLJcm H98Hl tyCM2yEOZ7g83eRWdnZV35Kiji/lFzzoXW6kOp aIZHgQp9k0s IEwRLFGeIFcG9wiYz/mpSPgLEaXpABTucvr64UztWvgu3gBT/jyTTJAVqhQUvVXqFvWzoPb3Frx8F3pK8p13cMhkelzHesdbwUEWfs3kE/czYkqanCJpGGQbMKo3VjLXuw86Q9jAt4 H3cvI9Ah5QZ526e0CsrXsnDG9HhpqlLqhsrskumndOAf3SAJRiMBYXXxMIwTxiOWyL4My26wU67uaR81xZiwI2/SZlkGkrirj1LRlIJQDJg8uH1lQevX9tMHKpoJ7iNqB 8PsFokrZKn /9KnPXrJZ5L402EmZco0m34dUpmR9ZJc1AuiqrgXzKLr3OkYzuwIY/.../uqCa 9VYpIY MjhK7rRAPzWhcSjgmakkTqkvACYj7Hal4tUHp 8OCTRX9cTRb2QTMjMC CV9b9V0&external_id=1429976456904954431&uuid=eZBVqhcnXbfmAUehXfX25CHT8g7Oj (imo free video calls and chat for pc.exe)

1 / 68 (Malware)

http://b.always-wind.xyz/hp/?q=HU/L5AWRsjJfcztvqo1Lg1LOGMs7JRr GkaS AXygo sUsKVjHv1mmntoPWPKipi9W xjoDj8hYhPYbrQFKoo5hE8Y3pJXkwjvYzgwTyvedukbPd4EfbiaLiMjcAHmjIStY99O7VgU2w307T/aDFhv9mBJXyb/ bJ lT sMjaXpdM/vTAWudNPJ649N34MyMNbeD972EE5KyCz1AetLSUBiLO 92yfeqf/I/bCUyTNLNRGoaFWudGaw7eWc6C7TjRZDoOQLW54AhEKWCkaccY3Z0V/LeqQdqNqu16FZeQwAt6nwiP Dqvn/ilzHeDA2xHcWfz6VE0AzYkoaFji ltsNpA8klAb7pKuJwrLJ/jWBUiaiRBdlUg53kISzR rQPiGAmfJHgrvcpJy9/KQ1pOk/kKWqbZKkjUfxjsPruWyoqBzD3cQBNqMgV1ZNmUL0cLKxvvskgAQ451smAjpi fSGOWyTTWbuNTciShqIfKDyzY5Czvo86E0aS1oJxEo A2RqLRQvGz6V/eD3QALoQFZv 42zhkwUhqCY8/.../mIKlxRimtwtXEY&external_id=1429980643695588452&uuid=VtNzwhTc1jgT8G2FWCHQHdPPksLsrfh1WmBR5odPLRySsFkz12C9L7lHqhVRECUA9i6XSIlDgTSpHVZ9ZCkkIyiMuM7KMm9eEc2ZhOQnRWvSzWs3SBM782ugkPpRsI18mL35zOh9sFqrsjp9R7Z0tsvdX9OQ8oBUvrpHCqLQlm6sZEENoZYY6fXpZki24by (visual-boy-advance.exe)

1 / 68 (Malware)

http://b.always-wind.xyz/hp/?q=HU/L5AWRsjJfcztvqo1Lg1LOGMs7JRr GkaS AXygo sUsKVjHv1mmntoPWPKipi9W xjoDj8hYhPYbrQFKoo5hE8Y3pJXkwjvYzgwTyvedukbPd4EfbiaLiMjcAHmjIStY99O7VgU2w307T/aDFhv9mBJXyb/ bJ lT sMjaXpdM/vTAWudNPJ649N34MyMNbeD972EE5KyCz1AetLSUBiLO 92yfeqf/I/bCUyTNLNRGoaFWudGaw7eWc6C7TjRZDoOQLW54AhEKWCkaccY3Z0V/LeqQdqNqu16FZeQwAt6nwiP Dqvn/ilzHeDA2xHcWfz6VE0AzYkoaFji ltsNpA8klAb7pKuJwrLJ/jWBUiaiRBdlUg53kISzR rQPiGAmfJHgrvcpJy9/KQ1pOk/kKWqbZKkjUfxjsPruWyoqBzD3cQBNqMgV1ZNmUL0cLKxvvskgAQ451smAjpi fSGOWyTTWbuNTciShqIfKDyzY5Czvo86E0aS1oJxEo A2RqLRQvGz6V/eD3QALoQFZv 42zhkwUhqCY8/.../mIKlxRimtwtXEY&external_id=1429980643695588452&uuid=w6JhQKONWYuoWsZquHc2RbgZXvZgme0kyMUcSSVjnuCwqeoc8CdXtJGOyboXnoA8VJJw1d25bUfqm1l9O1cArkSSBauTGf5aW8KL3eWg65OqR1tNARxOnUpdZvSxbIWWtEbqyVp4Ihcg4fH7keVWSmi7RFRRa6OZsrPXPi2GFrAdlfmYtIH9IVJbgdnZcqc (visual-boy-advance.exe)

24 / 68 (PUP)

http://b.always-wind.xyz/hp/?q=GRPupj7X0ToIJRJLFHqjLcj6hYqjytqRSG2Zf7LpNw64iKacQvSJOKKIKCJEcr9lhCu5HwH2ftPm2yU/aAKTrecQOm/m3GrLNOGRLNQ1j0BbeKTmkR7BLsXSNZxKWFRK1MqfyeG9RszY7qpaMwieiHLETMIKnZzq9MoJIlqNRrm4owgHxreVuuBD/aq v7GB/ II4UK89WIZ/sS8daQEXUvflCVYtPJvO6ji5xYxOXJsXdkPdftjpqikKrqxuLeZDev/6gjPNu5P0IEcVXJU9zh5et/N2FaWjo7P0pnkpZbjSd79eKPqPhMF2Twih5/B6McZXk3jRIjq1cUqdQ/fCJcgPfD7nBLdb3LvRkPms BJ/QIZsdcGKzsMGAPgKXm4 FSmdCuNgSPoq9jmQOLDN08Ea 4GhTF8tXh7pcVJkMuRwG1oP4PVvBgGNn8O6TU9WLYP9mC2U29 TVqnHNzWQ0Zb0Rd0o23cENdfrhhqMs375Kovu3ToU7SS/77tKsialUyPj96FYglIEFzh/Ktm1lwIlOuaIu2HYRCNg4Na1/Kmvh7DbDrUKdwO0wj/OC52CUF/jdi4Nj2Bf7jW34l4LmEyEvqaPKndEXMAb8QrcM uvYZnk9m6/DkLmuo1ndwKMahvHZgd7dDZqVpcjB4HgNxvZUwLcvVKGn8Ua64rwOREiHUZhndXcVGkWHGm sxjxZg1wItWQlSdEcvOE92mezHV2JTOIlv6zcfiQ3gnCbhC4Zcr/lurjTaUnov4HLAtuNleP2RTMX4cDADKeu4L6/ack6hm2KuZd2tRVpgUza7fwDuCCZU HeWhNnDXGnhNa1bY90RRHCVCox4d1lpUjyYYBmpjp814Adt9APIkX3nmCeRW/.../LP2xVFi&external_id=1429974886845222681&uuid=tWuktZqmerVfq0S2s (pokemon_heartgold_version_us.exe)

14 / 68 (Adware)

http://b.always-wind.xyz/v21105?product_name=Microsoft Office 2015&file_size=&product_title=Microsoft Office 2015&installer_file_name=Microsoft Office 2015&product_download_url=http://products.office.com/en-us/try&locale=XX&pb=http://www.newsinitiative.org/.../ (microsoft office 2015.exe)

7 / 68 (PUP)

http://b.always-wind.xyz/hp/?q=CB2XT5eYLledCwysurhP0L fu28apqqMPdVS013pcFW/6d5bp43ZkITUGXUfbOpxvFiEDB8nYVCqDZEVho4ZGjkPIRpyqS6KnFKbvpW10SNsyAj3EVFzMyTToceDLnFsHwE3xpGyeLMrH DpXrbzRerGhUC/tJq8PzA3Z jrkymTv0ffpcMUhnmMYD3gbSdcbow0hfcuzL7FU5OfAhuw3E0FBBJF/FNcdkZtw/7ZeElUuSmN ge96t29re 2hWVOykLy HQOh4kkbaWrvTfgPs9ziwHV88YSItudjYPlJMPO7R9QbpqTz8ZT5Ro8EnKe0R GAhDOdh0ZhxUXDt9AOMn6UVE/z3g23bZYd4QU 9b82mCMJKE5cpXx0sT33eikr5RMO0eOA5Z/Zoje6vBl evvUoIxRznQDRqYGu2O9KxQXPK4aqRkUWuYgQO/buuQbpr2JH1ndToDkAnz6PGQMODmuKODiKVVPfhPzVVVwcbxW02Q zzL8q7 crnMpztEYG1qMCBE3zfAPo3xUtcZzOD0I7/2LyJw2knv8OSZVqbqnNAxmlMfmE3yNsHDwU0Cw7SULO7sZHtXiS8cfRun5cFyBWcm5QJ63FUu5w78X1kwIet0KWoB3Ty1lcf7G4Cxc14KfX6J19tV7UyhnVuVS xs6lv uBixxHZJKTEvzK4s9MoGIL/dbf0hRDaKO5rV M6vUu3z1moY2spU1Lm9yLLmP8ffISBxQsh3y66CjFTJ4K3yC4ehFMCH7TwH1lP2LiyebBlJAdRk 2ZMq6JpuLDRt7mogXoXqo9 Ck4trNpdHL/.../8yJ X&external_id=1429962287469811841&uuid=XJCrjhOEgJXLIP07IlYlefSH7YLnf3icjazp4Xe (pokemon_edicion_platino_es.exe)

The following 166 files have been seen to comunicate with b.always-wind.xyz in live environments.

TCP » 54.72.130.67:80

simplefilesupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80

yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80

uninstall12590625.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80

uninstall5322109.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80

yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80

uninstall190602.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80

yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80

googleupdate.exe

TCP » 54.72.130.67:80

browserserver.exe

TCP » 54.72.130.67:80

sm.exe (System Monitor)

TCP » 54.72.130.67:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.72.130.67:80

uninstall129231.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 185.28.193.192:80

mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80

mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 54.72.130.67:80

sfupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80

kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 54.72.130.67:80

TBNotifier.exe (Ask TBNotifier by APN)

TCP » 54.72.130.67:80

TCP » 54.72.130.67:80

internetenhancer.exe (Internet Enhancer)

TCP » 54.72.130.67:80

Latest 20 of 182 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.