home

cdn.sysweatheralert.space

Domain Information

Server location:
Pennsylvania, United States (US)

ASN:
AS60068 CDN77 Datacamp Limited,GB

Root domain:
sysweatheralert.space

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

Kaspersky
Trojan.Win32.Inject
100.00%

Norman
Gen:Variant.Razy.39481
100.00%

F-Secure
Variant.Razy.39481
66.67%

McAfee
Trojan.Artemis!19DE9FE98804
33.33%

ESET NOD32
Generik.NLJPRGF trojan
33.33%

The domain cdn.sysweatheralert.space has been seen to resolve to the following 3 IP addresses.

185.59.223.24
new-york-2.cdn77.com
May 25, 2016

185.59.223.28
new-york-20.cdn77.com
May 25, 2016

185.59.223.22
new-york-20.cdn77.com
May 24, 2016

File downloads found at URLs served by cdn.sysweatheralert.space.

3 / 68      (Malware)
http://cdn.sysweatheralert.space/autofiles/tw6rau3x3rrb//.../SysWeatherAlert_Setup_rec_prd.exe  (a5c142905612f54394ffc0c695551b1f)

2 / 68      (inconclusive)
http://cdn.sysweatheralert.space/autofiles/xe1yej8yt9mz//.../SysWeatherAlert_Setup_rec_prd.exe  (82c6428fbc6a45f7854350f509059472)

5 / 68      (Malware)
http://cdn.sysweatheralert.space/autofiles/qxk9dbu91x9x//.../SysWeatherAlert_Setup_rec_prd.exe  (19de9fe98804786dd77e623d8d36761c)

The following 8 files have been seen to comunicate with cdn.sysweatheralert.space in live environments.

TCP » 185.59.223.24:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.28:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.24:443
beaglebrowser.exe (BeagleBrowser by The BeagleBrowser Authors)

TCP » 185.59.223.24:443
mustang.exe (Mustang Browser by Rafotech)

TCP » 185.59.223.24:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.24:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.24:443
online-guardian-v2.0.9.exe

TCP » 185.59.223.24:80
browser.exe (Browser)

TCP » 185.59.223.24:443
online-guardian-v2.0.9.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.