home

b.alwayswindcat.com

Domain Information

Server location:
Dublin City, Ireland (IE)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
alwayswindcat.com

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

The domain b.alwayswindcat.com has been seen to resolve to the following IP address.

54.72.130.67
ns1.ibspark.com
April 10, 2016

File downloads found at URLs served by b.alwayswindcat.com.

1 / 68      (Malware)
http://b.alwayswindcat.com/hp/?q=EDk79H47HNN06789/XQIkK0wVVpi/1Bd4ApHP1s7DXex3jEqD3rmrVMs7JS9H3Hl9Xo mqCw1OLX3TJwJhoi OYUjA/pbD/ly3s81Q7o0JKbVOIZ5Fc0 gfrqqDvjharMhEMuAjDFqpGP/ gCQGcgFFQT1hCGkCv6bBc4adhOdzd MlY1oJfq2vpsD6ft614Lkx1whUakIsdDqQKAJRlZiaVXwqgcLrFL2Z0sIMpiSeA88N2/R3bZ4np0II13YwXD5e2rSPFExnuSfWf23dA8qzYFnEGWoCiDk8X3TuLVtbDOhiOK4ACXnzwHy6Z8icHe16lWA0Fie3YHMf20YbBTL2QkMn8PmtQKSQuul3W0VTvvfMqz4OBUG20Nxvbfob7dfCu PjvdLIjJzknDjsXqSs6OpMID7g53rob/6lh9Rbbh7t3xZMuxbuizacRc6CT0GMdWb0bFkPK9e1txHErAVSqfSuws4ChL/6G83Z4n/v3DanQIj3CQbSBUKplhB0wGyuGMsn9yRXTVKq1JZuU1G5doG8m4wBUSeNMVBkjvuRgv5gJhFjUfnu4vDfpgHLP HnRPE1M5B/.../UvEk1kGUWvucvTWPLn9d KQaUU84MX05Q4eJZz2qjfigtOSKowje74EFnPPLAdASwrjE1OrU vACn0 F1nwk8PJAkH3VL5bccQ0rSCGwCov5XC&external_id=1435250337749105074  (sparkocam 2.1.1.rar.exe)

1 / 68      (Malware)
http://b.alwayswindcat.com/hp/?q=ejKoj7TQD2Z89JLFHwoBkRF0jBVp1JYY6R9SBflJmV7SUAbo2lV/6 KdFTGE9cvMgXtH0GBsrXHHHg04NwNO9SsWmSQhwYjhDyuxxYMOtYmgrZlqVMWCn QM2OpAcfLT04xbTtQWQUvGKIfzXzCI11EfbAs7qQBwNC UhCOVLARcYh6X4g3pHcxUjFN0RC PLqg37kkwuAkJea7kj15MQmZy8AxSPkK7ybcPdVk43BCjiEJf7w247FSUhZtOpA/jvVehtZLrRW3eCusGwHa8sLa/y/WtlQZaiMuiFyJojFyO4 b gLrNu0d8JyARRN3T6i0pdnuKkWSQSyw OziztPLhqA82swP5 lGlXHHQFv7tfokWo5gne1TLMPBAwIbAhqOxDfIemNmV7Mam9dQOo0nX3UZucIVRs13wstfgZy4LBep0HOfBt2CMbl1jeI5I K4oGOlzR0FMoojAhyPoiJuKcgyI793gsAyaHG1MwkZ1/0d6iVr65xzyuiHl8ijTaj2/4SZS0BpjakrG0Kp0EtKSZwi8Mo8o7RuUhKY4gIhsojrTCh6CI7Twa1aZ705jyUKfnJP//GOzNUkJxX1t462N12bCPJX iEHr NOkt0ew7wPMq0R1ghz4/HL5t05hl/VboC2KmYOZv6iaovdnTXoLveuFw8eSPU6FEd bwnuVzXHBgTGSZIPkGbyKuzPDFFRuvXFRxhysEebY27oN6x269/rj//jpRKR3w5iMUsmd8hh1U8SOmIsIKTlKiH5cVNtqrQ2FyyjVfhCS2l2tPIEKniwpqjuzJqO QCrY9UsawP7a0E7uMnI4sHcrgRJ2zqFF8v8TNq9hhzCd5VFA18scO6QutysHh7ZH&external_id=1435249391692865660  (pro evolution soccer 6 6.exe)

The following 142 files have been seen to comunicate with b.alwayswindcat.com in live environments.

TCP » 54.72.130.67:80
simplefilesupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall12590625.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall5322109.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall190602.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
googleupdate.exe

TCP » 54.72.130.67:80
browserserver.exe

TCP » 54.72.130.67:80
sm.exe (System Monitor)

TCP » 54.72.130.67:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.72.130.67:80
uninstall129231.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
sfupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 54.72.130.67:80
TBNotifier.exe (Ask TBNotifier by APN)

TCP » 54.72.130.67:80
pepperzip.exe

TCP » 54.72.130.67:80
internetenhancer.exe (Internet Enhancer)

TCP » 54.72.130.67:80
ssn.exe (ssn)

TCP » 54.72.130.67:443
mintcast_updater_service.exe (AutomaticUpdater)

TCP » 54.72.130.67:80
yacqq.exe

 
Latest 20 of 154 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.