home

intva31.advice4updating.xyz

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
advice4updating.xyz

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.DownloadAdmin.RedLightMedia (M)
100.00%

The domain intva31.advice4updating.xyz has been seen to resolve to the following IP address.

52.72.142.4
ec2-52-72-142-4.compute-1.amazonaws.com
April 12, 2016

File downloads found at URLs served by intva31.advice4updating.xyz.

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58805495&filename=adobe_flash_player.exe&cb=-393996865&hashstring=jb2252016&usefilename=true&executableroutePath=1199715&stub=true  (adobe_flash_player-54970743.exe)

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58726715&filename=adobe_flash_player.exe&cb=1133623168&hashstring=jb2252016&usefilename=true&executableroutePath=1199715&stub=true  (adobe_flash_player-54977405.exe)

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58815755&filename=adobe_flash_player.exe&cb=-1739859246&usefilename=true&executableroutePath1199715&stub=true  (adobe_flash_player-54970743.exe)

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58616967&filename=adobe_flash_player.exe&cb=-1741633768&hashstring=jb2252016&usefilename=true&executableroutePath=1199715&stub=true  (adobe_flash_player-58635327.exe)

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58651323&filename=adobe_flash_player.exe&cb=1796989545&hashstring=jb2252016&usefilename=true&executableroutePath=1199715&stub=true  (adobe_flash_player-58635327.exe)

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58885387&filename=adobe_flash_player.exe&cb=-457463133&usefilename=true&executable=1199715&stub=true  (adobe_flash_player-54970743.exe)

1 / 68      (PUP)
http://intva31.advice4updating.xyz/dl-pure/1200543/.../?bc=1200543&checksum=58640731&filename=adobe_flash_player.exe&cb=1246780449&hashstring=jb2252016&usefilename=true&executableroutePath=1199715&stub=true  (adobe_flash_player-54970743.exe)

The following 10 files have been seen to comunicate with intva31.advice4updating.xyz in live environments.

TCP » 52.72.142.4:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.72.142.4:80
UCBrowser.exe (by UCWeb)

TCP » 52.72.142.4:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.72.142.4:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.72.142.4:80
adobe_flash_player-71871229.exe

TCP » 52.72.142.4:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.72.142.4:80
adobe_flash_player-77344887.exe

TCP » 52.72.142.4:80
pmropn.exe (PremierOpinion by VoiceFive)

TCP » 52.72.142.4:80
updateadmin.exe

TCP » 52.72.142.4:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.