home

get.oncussionhj.bid

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
oncussionhj.bid

The domain get.oncussionhj.bid has been seen to resolve to the following 16 IP addresses.

54.192.19.229
server-54-192-19-229.iad12.r.cloudfront.net
August 22, 2016

54.192.19.223
server-54-192-19-223.iad12.r.cloudfront.net
August 22, 2016

54.192.19.149
server-54-192-19-149.iad12.r.cloudfront.net
August 22, 2016

54.192.19.139
server-54-192-19-139.iad12.r.cloudfront.net
August 22, 2016

54.192.19.57
server-54-192-19-57.iad12.r.cloudfront.net
August 22, 2016

54.192.19.47
server-54-192-19-47.iad12.r.cloudfront.net
August 22, 2016

54.192.19.26
server-54-192-19-26.iad12.r.cloudfront.net
August 22, 2016

54.192.19.244
server-54-192-19-244.iad12.r.cloudfront.net
August 22, 2016

52.84.125.103
server-52-84-125-103.iad16.r.cloudfront.net
August 21, 2016

52.84.125.65
server-52-84-125-65.iad16.r.cloudfront.net
August 21, 2016

52.84.125.31
server-52-84-125-31.iad16.r.cloudfront.net
August 21, 2016

52.84.125.16
server-52-84-125-16.iad16.r.cloudfront.net
August 21, 2016

52.84.125.234
server-52-84-125-234.iad16.r.cloudfront.net
August 21, 2016

52.84.125.164
server-52-84-125-164.iad16.r.cloudfront.net
August 21, 2016

52.84.125.154
server-52-84-125-154.iad16.r.cloudfront.net
August 21, 2016

52.84.125.125
server-52-84-125-125.iad16.r.cloudfront.net
August 21, 2016

File downloads found at URLs served by get.oncussionhj.bid.

2 / 68      (inconclusive)
http://get.oncussionhj.bid/?lIAPIwjPG0D_PLUS_RyaaeRHG_SLASH_T8nctc0XyJx3wWtoVQNXsA_EQUALS_  (adobe_flash_player.exe.exe)

1 / 68      (PUP)
http://get.oncussionhj.bid/?iO2Ag6yE0QZq1NB2s3UR2vH4Ltr0Z36BaEH1k1407Ps_EQUALS_  (eset nod32 antivirus 9.0.386.1 full.exe)

The following 112 files have been seen to comunicate with get.oncussionhj.bid in live environments.

TCP » 54.192.19.57:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.192.19.244:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.84.125.125:80
se.exe

TCP » 54.192.19.229:443
online-guardian-v2.0.9.exe

TCP » 54.192.19.26:80
saber.exe

TCP » 54.192.19.26:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.57:443
online-guardian-v2.0.9.exe

TCP » 54.192.19.57:80
ed2k.exe (aMule by http://www.amule.org/)

TCP » 54.192.19.244:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.149:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.244:80
messengertime.exe

TCP » 52.84.125.125:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.26:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.57:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.139:80
uvconverter.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 54.192.19.139:80
saber.exe

TCP » 54.192.19.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.57:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.234:443
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 169 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.