home

a.directdirect.xyz

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
directdirect.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.PCUtilities.Task.Meta (M), Threat.Win.Reputation.IMP
100.00%

VIPRE Antivirus
Threat.4732184
25.00%

Dr.Web
Win32.Siggen.7
25.00%

Microsoft Security Essentials
Threat.Undefined
25.00%

McAfee
Virus.W32/Virut.n.gen
25.00%

The domain a.directdirect.xyz has been seen to resolve to the following 5 IP addresses.

52.27.128.56
ec2-52-27-128-56.us-west-2.compute.amazonaws.com
February 11, 2016

52.27.128.62
ec2-52-27-128-62.us-west-2.compute.amazonaws.com
February 11, 2016

52.27.128.59
ec2-52-27-128-59.us-west-2.compute.amazonaws.com
February 11, 2016

52.11.167.137
ec2-52-11-167-137.us-west-2.compute.amazonaws.com
July 1, 2015

52.27.23.115
ec2-52-27-23-115.us-west-2.compute.amazonaws.com
July 1, 2015

File downloads found at URLs served by a.directdirect.xyz.

1 / 68      (Malware)
http://a.directdirect.xyz/hp/?q=evxhIyTGa/6ilhabcd9372yHEJTMei2yGYk23zZ4Ix3g 3uZ8bbvY43cGMjPj4zNkDIJuDDaXRwFBpGRSBJeT2qJYsCH7eFam7vrjiHnvi9i0hBhlbRqfRgwq9KxxS47skUD1nLgUdnSW2KTXyxg2XhszBXOztRNVCh8Ou4rzLi9b5PaINmNAUH9fhzfoIPIQTK1IfcjwrBgArKQKZuFGt XY6NwMTWbYySBdGEGcSjJIi5Qw/BKyv6ny34l4yYSOmk8mZvCSVAuVHGPcEWjOl3sbUmqUIbCbbYsU84KDedufmmhKuIDkrM03W8tKdJo5w9SwWOiB/kg8p6tHbYB 5vgctXBcUvd5i3VRuvUtCn1udYUJ6dOYhyG1CjLlUyrU92MrUgbCZGEGFDnkwNwopLh 4ZQk46 HpxKlwEHcPUS0YeK1GrUxR65bT66QsGPm qqZPR7k9dRAtI8IgLAkp10drtjpMf/.../IrfKlJEi3UraJnsP3O0PYafDG0Vh4z6hwfcAdVoTSCDHyFZOokoDLmBhPmtlEx6nwmx5G6wTOdgKwuRYtLK6suxOnEkZIqXnwfjv2TddV  (old-school-eng-3491967.exe)

1 / 68      (Malware)
http://a.directdirect.xyz/hp/?q=0izaKm2dKp7djfABCDNAi4fxm S7WAuL9AG2XR6rExcAo3PNNEjUZNXkudY35d6332zFXg6PsYbXusN5j0UzGUG5uHaK/K Wu6UEde4Rl0ktnAn9JlQDdXosa/e22HOVltaUfYaYrpCzxOARxPP4T2W1VBhmRcE6gz7F1WNaXToUKHHEPoZ opUJjTUQnUzEwMQ3jabf3p/Qa7lLdg5K/bykwza/zeEBdA1LBuJoFuMns9OAju2G2HjYomYxlJRHHNWgy1C1SZJwG35SDNyoO7U kB16/IbOT8zZ6/tDXBTQmgXb/SaIE1/jLvnttvwZnqpjfW04b5MuIdjmo G2qhNYqxdnS7Lnvcd/JyQGUfLMFZBh9ZwmIyrlWjL6F8JxmDYzUFUIiTojtmOTjRRqeVKNaZCT0iW3vKsMnF1YHyYOsZuUcTElBp1P6pFYQrLtGzB 76gNeN 3gk74MOAT4RVY93ePadhvgUwcVKXksgKVFXIpyPlWdpQxOAG5qH5zh b/Tpdla6cPrfIBSoBEKNGfuVQ3rOb6D3xsZNxLEaclKQcwe GSJBNeX1a4zPXAhxaZwCnleZsEue4jxUGfjyWWz/.../kDl  (autocad-2016.exe)

1 / 68      (Malware)
http://a.directdirect.xyz/hp/?q=df/L554XcP2n3ABCDWPQAiCRJ3rl59dCse7gwf70OUI Mdra4fH4101JZlaZITuMeG2SoWLo9VT23dfJIctQUAjFcM lEfWeGNJZNnEwIrTrB/OP7C8VmiujvnO9ct7e6ZBS5XDe8FqEzCOiyQRVwSpnZdXD ymzTKV97YbkyRuXDdmu6zkxzPtaxg/2Wa06WFYj0ve/ PN2iucTc4Guq3rkYchTwbCzaRIHnxkg1Lz AhwERdi6t4yx1VGOYgYrksg4kS3MhBQRwf/6Tf9i/tXpND9Sk/K/vaBn1O2liYHammIZl A LaC/eT 2F1 XQQs0MSbf5yJHEU BcmIzRLxMQSs76a1UFTLHUdHRJrWjCGwGhvZTFZO4jEjXvHqOJ5KxKUs17uoRNDdKU1Y6MS22Zhd0KrBf354ShyTZ/tNMdbA3cSTMy/kKgT4Vcxdao6pHIoHQQpGHT9OSJmgrqSKIBjxYsQV8oqoJbT8cpHKWPEWTvazGtI9MAhxxmOgnbEfIRVSuTxFA0r5REP2bdKQenOcx7xvkPo44T6F8ZwjBLYvlgx21nu9xD/i82FIUqEWl4Eh/VnYIt/vkOCOEIv7Wijk1IEKSsiJloGRHZyjv5u2pHi5iKrMfS273m1YHDWQe/.../7brOR  (autocad-2016.exe)

5 / 68      (PUP)
http://a.directdirect.xyz/hp/?q=y2MzvySE2Yn4OCDWYSJSAkIjj5D1CnRtLleNznO/xkEOXidzf5pHfNJAJTrLtb63r2qh8QCgAOZyymySOav FIbpAOwOI/c82CtKfnFKzCYzpAa0/LG8Ojwfl62wducoGU4MiwNpOuRlDiDANXmIjhsb21GQJtqpGg0eh0jrX4cuD58CReNiz0znHJNZ1jeN5lcYUAD5ej/HW0it35Xn/d917X25 3mQZw6 P2EVCvcMNBUtn9wP2WxN7WtJ09BfoaozSJWRVLVLtpeQeCB3xN/FpbIb4i6Jid6wMSHUfsd0yYtRsuiFT6wlmMo0cL954IcJZh42iKkqfrwLUjWlQO8YMXthck9d rRdmxE4p/U//shLdCVqa3YkXM8xlHtociK9b0dh2de7vMUchAUN7BOXuNisdrxjAaNOjermJ52VA1A3Q0piim2qdVkctGcyOTfF5gXnGzULcbSDC1O7oQ8aXEgoJ6WugWwynQgypvCbbbSRMnCWhNXIaXGzr  (clash of clans.exe)

The following 2 files have been seen to comunicate with a.directdirect.xyz in live environments.

TCP » 52.11.167.137:80
download.exe

TCP » 52.27.128.56:80
updating.exe

TCP » 52.27.128.59:80
download.exe

TCP » 52.27.128.62:80
updating.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.