c.position-title.xyz
Domain Information
Server location: Oregon, United States (US)
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.,US
Root domain: position-title.xyz
Analysis
Scanner detections:
Malware distribution (100% detected)
Scan engine | Details | Detections
Reason Heuristics | Threat.Win.Reputation.IMP | 100.00%
Lavasoft Ad-Aware | Gen:Variant.Kazy.618288 | 20.00%
F-Secure | Gen:Variant.Kazy.618288 | 20.00%
ESET NOD32 | Win32/Adware.MultiPlug.KV application, Win32/Adware.MultiPlug.KX application | 20.00%
Sophos | PUA 'MultiPlug' (of type Adware) | 20.00%
MicroWorld eScan | Gen:Variant.Kazy.618288 | 20.00%
K7 AntiVirus | Trojan | 20.00%
Bitdefender | Gen:Variant.Kazy.618288, Gen:Variant.Adware.Kazy.618288 | 20.00%
Emsisoft Anti-Malware | Gen:Variant.Kazy.618288, Gen:Variant.Adware.Kazy.618288 | 20.00%
G Data | Gen:Variant.Kazy.618288 | 20.00%
Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 20.00%
F-Prot | W32/FakeAlert.5 | 10.00%
avast! | Win32:FakeDownload-E [PUP] | 10.00%
Avira AntiVirus | TR/Crypt.XPACK.Gen | 10.00%
AhnLab V3 Security | PUP/Win32.MultiPlug | 10.00%
IP Addresses
The domain c.position-title.xyz has been seen to resolve to the following 9 IP addresses.
Downloads
File downloads found at URLs served by c.position-title.xyz.
Network Communications
The following 26 files have been seen to communicate with c.position-title.xyz in live environments.
TCP 185.28.193.192:80 | mdquickyksvc.exe (ModenQuick Service by PT. USENET)
TCP 185.28.193.192:80 | mdruyksvc.exe (ModernRu Service by PT. USENET)
TCP 185.28.193.192:80 | winmbskillssvc.exe (MobinSkills Service by PT.USENET)
TCP 185.28.193.192:80 | triggerlogs.exe
TCP 185.28.193.192:80 | wdm.bin
TCP 185.28.193.192:80 | citrio.exe (Citrio by CatalinaGroup)
TCP 185.28.193.192:80 | winmbtuscasvc.exe (MobinTusca Service by PT.USENET)
TCP 185.28.193.192:80 | online-guardian-v2.0.9.exe
TCP 185.28.193.192:80 | Downloader.exe (Downloader)
TCP 185.28.193.192:80 | onlineguardian-v2.exe
TCP 185.28.193.192:80 | rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP 185.28.193.192:80 | d9re-markablep23.exe
TCP 185.28.193.192:80 | winzillsvc.exe (ModenZill Service by PT.USENET)
TCP 185.28.193.192:80 | online-guardian.exe
TCP 185.28.193.192:80 | online-guardian-v2.exe
TCP 185.28.193.192:80 | update.exe (by Winner Updater Solutions)
TCP 185.28.193.192:80 | windilandsvc.exe (ModinLand Service by PT.USENET)
TCP 185.28.193.192:80 | windihepssvc.exe (ModinHeps Service by PT.USENET)
TCP 185.28.193.192:80 | windimixsvc.exe (ModinMix Service by PT.USENET)
TCP 185.28.193.192:8000 | buool.exe (LgGJSHMt)
Latest 20 of 28 files