home

b.goody-office.xyz

Domain Information

Server location:
Dublin City, Ireland (IE)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
goody-office.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Optional.PCUtilities.Task.Meta (M)
100.00%

Dr.Web
Trojan.Crossrider1.33816
22.22%

F-Secure
Gen:Variant.Adware.Mplug
22.22%

Lavasoft Ad-Aware
Gen:Variant.Adware.Mplug.46
22.22%

Emsisoft Anti-Malware
Gen:Variant.Adware.Mplug.46
22.22%

Avira AntiVirus
TR/Crypt.XPACK.Gen
22.22%

Norman
Gen:Variant.Adware.Mplug.46
22.22%

ESET NOD32
Win32/Adware.MultiPlug.LX application, Win32/Adware.MultiPlug.LW application
22.22%

MicroWorld eScan
Gen:Variant.Adware.Mplug.46
22.22%

K7 AntiVirus
Trojan
22.22%

Arcabit
Trojan.Adware.Mplug.46
22.22%

Bitdefender
Gen:Variant.Adware.Mplug.46
22.22%

AhnLab V3 Security
Win-PUP/MultiPlug
22.22%

G Data
Gen:Variant.Adware.Mplug.46
22.22%

McAfee
MultiPlug-FXN, MultiPlug-FYT
22.22%

The domain b.goody-office.xyz has been seen to resolve to the following 7 IP addresses.

23.253.126.58
June 6, 2016

54.72.130.67
ns1.ibspark.com
April 9, 2016

52.27.128.62
ec2-52-27-128-62.us-west-2.compute.amazonaws.com
August 12, 2015

52.27.128.59
ec2-52-27-128-59.us-west-2.compute.amazonaws.com
August 12, 2015

52.27.128.56
ec2-52-27-128-56.us-west-2.compute.amazonaws.com
August 12, 2015

54.69.228.231
ec2-54-69-228-231.us-west-2.compute.amazonaws.com
June 19, 2015

54.149.241.47
ec2-54-149-241-47.us-west-2.compute.amazonaws.com
June 19, 2015

File downloads found at URLs served by b.goody-office.xyz.

1 / 68      (Malware)
http://b.goody-office.xyz/hp/?q=qYMzvzOsAvnTpnikg0fEBTCTJ8JF7gFPiR9OmUYOf1dOfDzYOOe/BhRq7b95t0ZCfHUkCqEv0o120ia/pJVwH0gA4pyqQs1jb48nuTBWk23URA/MVv6m8HiGXWvF4GgqvFWwpsBjFJ YuQm6j0iOeQs2mrhf/swWmu6WmuY85LuGqRPPmQ9lHa9c4Oo4SOzP9TLKz9Tme2Jd/hg16xZGxvDTLp3UluPrLe8UIJ3kfal/ 9FXWZtDv7iM4sTE8lyzMij7F/GOyyPyr7BqTTmvH32nOpFASCw2W948KlmUv0bfUXHkV1hIHMnE0xWmN0LWbOXNaZ2wG8TtU4JYAyqYIAwcQDQvFUaOYepfHlNw8kO 2/XyV5qk8/.../kpA4&external_id=1433623528001977799  (download.exe)

1 / 68      (Malware)
http://b.goody-office.xyz/hp/?q=ImZH7Tf73Cll rpnikdzz9OG7v3HH1irJ5eLKXJ75jXmeZVxtX iyeIIgF72RuBKmF7bXYq8qfDMRL4K6vJU/rZsDbvlatGD4aTln5NtFpdf9ACipPgeFKtpSeCCZjZZfoxTvedXlhi9kYXlZ50swilHsm40BC7ErUQBzCymTw3gVWWFoGJ4q9UoYMHImUaUu/LOud2jMT8m9LhNyEp5AUGjhq8doBelnsgeJPP7bKRMqpQBwNUIsUogUEDnE6vo32AAiziWiZ8UxtQSK6FW8cxVU1I1i9U8BnwekkCmcemvhEbrE2Xy4mCVH43XLqBwCI0H6weOG9gfXMZSYMEKKE48u1aznUmzDie5sZvICTDf1r7L6d8aYOfNRFI0PEZxjnOS/.../n6WSZzYStejip9MOd5L yz0zzg1jxfHBoq1sz&external_id=1433623610668946810  (la lengua de las mariposas.exe)

1 / 68      (Malware)
http://b.goody-office.xyz/hp/?q=X9FigM/X3XGziqomjl4t3fBsognUCiv4OCHSMiVmien5aIp TDWxeuQKmK3RJHpjXp9m3OWkpQBRqC2xYP7ZrBe8RfSHEfnXQtT0lVluEqZmEZEIfmUFz0gn0SBm730eXfpTvuCiV2qcE6cY8VICbvDeScsGorAJyPGBW UiABEPBCMNwmcLdkayBO4SOcH01LJJKCA/Ty4aOxAAOUrMr6YWGQjv2yLJsIlfXA27QtwY9kM/.../AJEHG31s k9GORw7Y8ijkeiFBe6MO 1gydtICLPTOP9YhrUswPaybfPOgEvu73v8y2fLHW2ZGDJPBYx5lGg0vIckAIz92j&external_id=1433630940312192312  (lvero1480_veomov.wordpress.part1.rar.exe)

1 / 68      (Malware)
http://b.goody-office.xyz/hp/?q=M62XTAYJSQlEw789/XQJSk zzrw 5qNLbfD8U8rGShz/x/WlrE0w5W8w8o/o6/7wyjPtjG8LlC1jt3wQamCiQ7THBc3cqxAPQbAcWlVp/fGvrvn0RnoikuQBqj91OPyCcJE3EV6K3kqQYCkptVJQXaIFcEXsaZrLcLjrX5K8tlqMt8vjWu2SDvjG9eOwirDMFCjsFYbgPsjb9WrG7VVTei80MM83mYPJbddFufjUsYcjO8F4y30cTWJhkHEFK0VtPr6Sno1ZewL wdL39duuwj1COhJcl 80Be3eq2zosBBKUdN2YiGf/Mp6WXxD7cczuKKdFPKIh4Jch3D8NSeOE0WuBtVav ia0plOVYikLYVatHJ/58SZtt7b4TGU8AMCU1Ay74MizoXoG1sy6tgmZ8YU 9VOvFDJ/kU8XBWPbe/Y7ntwo wo4s0L9c5thjqkOC1LLKSGz29uK/l/PEeRV u3NfzukxYEakvEcaBHzOb vG07boHRX9a8q501h18WE1MQl0weGgQ lzObnt0phBGt7WXjWfTiOqW45lnnhXTKoauOKOMzFq5gkR4U7D7SJa4N1HjvJbF0QpD9A/UlM4rLBki5YlooGsMnjVx9x12TWTfr1wT0ImPA lDrVdhI8UbaoX31iQ4MZ 5HB0 D4hxt5rCThu54X8hMl IeG7JpMhTXrUnsRuDU74YkWkEh7VvAif1CO3QTcHf1vX54aI9YaWupcjlsrWZNfh1WEn/BFReeFIoEaULimWZxNOynpi D51G5wxGLUeDdeuKE97zXQZirsYvoKRBItTLrWUZg1GwAyyC6e/XzYmsl3Py99u55aEiEKQ3LkriaS8GQuIvsjyVstCDgyVql4HKveFIwE3MxvA8y40uNUiO9M/ylgPNi 9NzyVI8mTKvMuZQOSJc2wuk MjALApw/.../s8TKdHRNdoEl7  (download.exe)

1 / 68      (Malware)
http://b.goody-office.xyz/hp/?q=KlKoj7SOP5mYpnikg0fFYAWTcq3ZdrzP6BUukI58gdtm/ps4Yu2JVAjvvGXHLZE DmPLqTx2GsA/kO/rsb2 Rn/LcEJSrAlCzZplHphNB6zs2b2TiBCIJA3ZcV6HPYCuhlCiWWMWNpxNwzZwQWjrnyiaV7MItWsLuJLpZhm/jNOoNOjy1k8y2LIN4/lCxMOD4SQGdwJSvsWf1cubfOzYHiKrmGB0Is/4OJKVkIs7eeQaLX9Af9EvsIQBwNA8YnMgl3AN6028a08xgPUEkwLN1MDCUa1AbfDYlZzWEMQGDTWFvWstNFzwCv9tOCaC6mFMm SfDqvY1eeVitgmT6dOPEBwc/wvkTZc6IS8jRZfoNJS5axH2oA6zNnCUTTfYcGVReqK9yAS u67jqxfk91f5pOEF6jrSv/GBqZxjhPSgktb4Rdk/.../IS MJZPDlKLs6rU2kpx6TWbZSsIdidE1kpGVmuJqHWc1A7VdlTiANxKbspjIz6s50NGrS7Ha9jBoO7ag xzyOhKi43T&external_id=1433626494014817625  (game dev tycoon 1 4 5 full espanol mega.exe)

1 / 68      (Malware)
http://b.goody-office.xyz/hp/.../QE4nxUTYs0tDoPh2O37MQRr7wO8iRBPUEKmJomnK6OrqHDYixOasyrZQki99cn41gHrMTg4 3K74quT02Gk0NUsqDfQB9gHxjarv69CcYTlQ6a&external_id=1433627304225134133  (download.exe)

1 / 68      (PUP)
http://b.goody-office.xyz/hp/.../3kUwl4sQWhYmfqBcmw0rvnaKicJ1LopKYL8flfG7G80Rkv4OMXwLvWizrRUb XKmU7EiNwl62xRxA7khqkNcJJBVZ7QS&external_id=1433622705798186743  (2015 dvdrip.exe)

16 / 68    (PUP)
http://b.goody-office.xyz/hp/?q=efqd 7TQg/UukfABCDN7sGc2nf6sE5dNcLq/HgWCGNcVZXa5Bf2SqNKtbytifdFAOaZxGyOskaxY3KVOqSRIgN7/iyQK06YWdP/giuXtk7eOGrnMyOr5KEinfh9a4S/M/pZiM5b0BvdVdom5tqlC8wYdG1lvFmTL6egKhWoBMZB23vlX5F3jnyKTxNQNQ7qbYxhXPl7QT7/ 5Al642kjkhALd0pL1AVd6kLc0UxLJJHaEGIoqmPDio9 8ZlXO cU4jZx2Ur4GGgbGK5GCSfCJ2c8b69MFw7WYGcw4CaVfOTJ1tRt3pUrH1xwOvT5PFO4FambjE5DAUoBlYq Soc6l4xRi13vnF5y8Dba RtvbkZfpYq4mB70uHeIglLT39gxrD5kjARWSXqP2 XGRpoje9FNa1Ey/o47SjZtK1PInF0QZhooeQQ8tIkqsuaDCAz/.../nujimu5bs71QSdBuwGMhlsnM748oIHar13mX5Ls&external_id=1433621982521294257&uuid=U4JWbCDe2NqL3ShAbSpEcAdZnzWzQt9FnMXHuu1WwGnMQQvxUq2v6pJ8aulFtRdlpL10KWDTkmGML40wvLEtYALEBtrQ0qPwOohlTI5iLhmW0b8BtenkQ5CShNnX5knYVQnPNHY6HzJmcsAAaQQnv74vAPtMeap8kV1rvOU4YhEeiyAqg5N96GtLKcTlxmseLUiRzeJ3BEB9UFlllFb5nTA921EbhMg8Kg1TQ4kxlBBDr4FnjScH4IB6oj7iYRC1Y90c4xyxQQZZwErSlMsEl1vl9K8bTiuvrq  (drastic_r2.2.1.2a.apk.exe)

17 / 68    (PUP)
http://b.goody-office.xyz/hp/?q=t509Xj7MCB2lQxztvq0QSuKqiNg4upM2SyPG7L7Tk9e2Dv9sklk/I/IS/VMqgSpGophxxpt1/rlIcNiSaiFN82UwrPGVFjvO4yPbFm/F1XaA0MMpNpLLsbaBlS73Jd6gBivK7Ot/.../g7ukie8rpKQkte0Wg3VPn3d0c95yziXaFz cliKtyKq7ndVOCOOTYn9YyKazdJTU0MJrnO4cJEQPjS7OF2ZKoiM6EAKi148LnJ3Mo7Uqs&external_id=1433628400086480776  (proshow.rar.exe)

The following 147 files have been seen to comunicate with b.goody-office.xyz in live environments.

TCP » 54.72.130.67:80
simplefilesupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall12590625.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall5322109.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall190602.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
googleupdate.exe

TCP » 54.72.130.67:80
browserserver.exe

TCP » 54.72.130.67:80
sm.exe (System Monitor)

TCP » 54.72.130.67:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.72.130.67:80
uninstall129231.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
sfupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 54.72.130.67:80
TBNotifier.exe (Ask TBNotifier by APN)

TCP » 54.72.130.67:80
pepperzip.exe

TCP » 54.72.130.67:80
internetenhancer.exe (Internet Enhancer)

TCP » 54.72.130.67:80
ssn.exe (ssn)

TCP » 54.72.130.67:443
mintcast_updater_service.exe (AutomaticUpdater)

TCP » 54.72.130.67:80
yacqq.exe

 
Latest 20 of 160 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.