» a.settercenter.link
Overview
Analysis
IPs Addresses (5)
Downloads (4)
Network (2)

a.settercenter.link

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

settercenter.link

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP, PUP.Optional.PCUtilities (M)

100.00%

The domain a.settercenter.link has been seen to resolve to the following 5 IP addresses.

ec2-52-27-128-59.us-west-2.compute.amazonaws.com

February 6, 2016

ec2-52-27-128-56.us-west-2.compute.amazonaws.com

February 6, 2016

ec2-52-27-128-62.us-west-2.compute.amazonaws.com

February 6, 2016

ec2-52-27-23-115.us-west-2.compute.amazonaws.com

July 1, 2015

ec2-52-11-167-137.us-west-2.compute.amazonaws.com

July 1, 2015

File downloads found at URLs served by a.settercenter.link.

1 / 68 (Malware)

http://a.settercenter.link/hp/?q=9fk79xWZ7deD3FHwysjdQv7v2nWHtN/GFGPthsjrDqf9q2Yh r5W7o7ZiRqFoGOmKTaB M 93x5FOR15A/CTxN/d6Df4JshQ38MJW3t9vHHFMCai7iQ8u/IoD0kLv6vJDqWg8paJYIS7jgujh8fqKaDrgE7ZK4Q/XHa8rXyMBp7Jg7wMrbGDj1YiHj40xrRE9ixtBojkktgtidnHhQmAeTKq2O8npfa8s9KDn l87zRnWTKvUAjuPo1EWAHRESEyWD0A4A4tzY3ovr6lDvYqwX13r6goviMOdyzjkSq1R93GHUwWnHRB5t08U43nbOIYnYTGCOp7RGzlcPbAxUtDowiLBj VGpDW qvVHj40VIcdGUy2w/B4n4GkL66HCvacgWw5 ICzy8NP5pBixYQWnPQhUWppuu17UkqFtD zArGQRYqCMOx6vczVaU26lJZ4O/ICAP h/.../H (windows xp professional sp3 32 bit black edition 2012 6 17 zip.exe)

1 / 68 (Malware)

http://a.settercenter.link/hp/?q=wir3HAXMuAcogPRJLFvnvZPoT/Pkp1d/HxxYZrJNhvaSQeEgsf13ODEUflTpJ8IQB2NC7jXQ5bxxCf o5Te6wsdhSenZ1cm3yPAQPWNiIcoMxk230RWuyZEX809q4Ku5m /FzXhqRKcVpvi/IUR72VplzW1qL22aeGB3Kcd1CKeFNUSIstakGNCN8KE2VOooYqq kkmqtF/L0RODYTC6o7uwTJFvYr/.../KNwCm9dOf15PcQVaG (doom 3 bfg edition nosteam.exe)

1 / 68 (PUP)

http://a.settercenter.link/hp/?q=xxlBDySIZ1rnTVNPRJzhvVKbfy9lYB15KxwlqbRXXSacUSMqmQuv/eYA/y4VZd1Jl7pdf59XNDC4ZaVO7vfJNYwTyZ/.../mB813uTsZDj3wTEc3yY AXo3JYMRSxqXnyT6ntfFKl8OFeGUjEIL c4yi5lKlhzcntNZsZzkJI2wMz73rmvXdc425cdHI7xkwMtEAfJLNZshf6jCiFQmY3BxsWHi (download.exe)

1 / 68 (Malware)

http://a.settercenter.link/hp/?q=/ky0Jru0m52T6ysurpaIICaQdIQweLnOrF bWFv0ViAN5mc4s9td6nUL0lYsHU2wBQ8wK5JwO /iXcZ0X3aV8u0qbDlXh 4uao4UxQWNRWa1i8F7xgMIPu9DnVpBzgBQFXl8KTED0aw5 8f Vj6HLsOhAXIcNfbvyPjv51KCUDt5bYfl2oyIdiv7Sjojzj1iB0Fxv7Q5QqBvzpqIbuxdWdgYAAAtgNFQZ8LdP9WAjonED4LzXKpnZbUpZDKZXqYLIWLmN0jvXgLaSx HlpHtKZsxzHD/ifHRq5Wc7oPGtmieNz48GIzsTIY 3sXU5z04/LbZOZFQ1f92HamCH2POyB/nfCGSkkoEVLmtBRS0oGXvuBSjY1ohc6tyMjkzba90XciYbtgoc6A2MzFDta1c CSzyZrVTefIcJq 4/kF5D29VV 54PhURVHoe12yz1MIsHm1UWhO 9T2TfCWTG/.../m64znH3VFtsoPrhlSwykWktlbGN (zippyshare.com - wifi-password-hacker-pro-2014.apk.exe)

The following 2 files have been seen to comunicate with a.settercenter.link in live environments.

TCP » 52.11.167.137:80

TCP » 52.27.128.56:80

TCP » 52.27.128.59:80

TCP » 52.27.128.62:80

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.