home

i1.moodclock.xyz

Domain Information

Server location:
Dublin City, Ireland (IE)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
moodclock.xyz

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.EZDownloader.Installer.M, PUP.Bundled, Adware.SInstaller.I, PUP.Optional.PCBackupSoftwareLimited.K
100.00%

Trend Micro House Call
TROJ_GEN.F47V0611, TROJ_GEN.F47V0114
50.00%

Dr.Web
Trojan.Searcher.1197, riskware program Program.Unwanted.75
50.00%

ESET NOD32
Win32/SProtector.M potentially unwanted application, MSIL/MyPCBackup.B potentially unwanted application
50.00%

Malwarebytes
PUP.Optional.EZDownloader.A
25.00%

Bkav FE
HW32.Stranacty
25.00%

Vba32 AntiVirus
SScope.Malware-Cryptor.SProtector
25.00%

XVirus List
Win.Detected
25.00%

Emsisoft Anti-Malware
Application.MPlug
25.00%

F-Prot
W32/Multiplug.C
25.00%

VIPRE Antivirus
Threat.4150696
25.00%

AVG
Generic
25.00%

The domain i1.moodclock.xyz has been seen to resolve to the following 2 IP addresses.

54.72.130.67
ns1.ibspark.com
April 14, 2016

54.191.15.203
ec2-54-191-15-203.us-west-2.compute.amazonaws.com
February 4, 2016

File downloads found at URLs served by i1.moodclock.xyz.

2 / 68      (PUP)
http://i1.moodclock.xyz/.../trnt_egg.exe  (down.2436.fastdownload.exe)

5 / 68      (PUP)
http://i1.moodclock.xyz/.../Cloud_Backup_Setup.exe  (mypcbackup.exe)

3 / 68      (Adware)
http://i1.moodclock.xyz/.../ezdownloader.exe  (71f784969d24240764d5e5d752d55a41)

8 / 68      (Adware)
http://i1.moodclock.xyz/.../sinstall.exe  (71c2ea2b936ba80f4bad80937b369adf)

The following 145 files have been seen to comunicate with i1.moodclock.xyz in live environments.

TCP » 54.72.130.67:80
simplefilesupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall12590625.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall5322109.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
uninstall190602.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
yourfileupdater.exe (YourFile Downloader by http://yourfiledownloader.com)

TCP » 54.72.130.67:80
googleupdate.exe

TCP » 54.72.130.67:80
browserserver.exe

TCP » 54.72.130.67:80
sm.exe (System Monitor)

TCP » 54.72.130.67:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.72.130.67:80
uninstall129231.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
sfupdater.exe (SimpleFiles Application by http://simple-files.com/)

TCP » 54.72.130.67:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 54.72.130.67:80
TBNotifier.exe (Ask TBNotifier by APN)

TCP » 54.72.130.67:80
pepperzip.exe

TCP » 54.72.130.67:80
internetenhancer.exe (Internet Enhancer)

TCP » 54.72.130.67:80
ssn.exe (ssn)

TCP » 54.72.130.67:443
mintcast_updater_service.exe (AutomaticUpdater)

TCP » 54.72.130.67:80
yacqq.exe

 
Latest 20 of 157 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.