» get.ualexcessh.club
Overview
Analysis
IPs Addresses (8)
Downloads (1)
Network (17)

get.ualexcessh.club

Domain Information

Server location:

Washington, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

ualexcessh.club

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Adware.iStartSurf

100.00%

The domain get.ualexcessh.club has been seen to resolve to the following 8 IP addresses.

server-52-84-125-101.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-88.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-58.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-53.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-245.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-174.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-147.iad16.r.cloudfront.net

August 7, 2016

server-52-84-125-107.iad16.r.cloudfront.net

August 7, 2016

File downloads found at URLs served by get.ualexcessh.club.

1 / 68 (PUP)

http://get.ualexcessh.club/?affId=1522&instId=941&appTitle=Alice In Chains Dirt (alice in chains dirt.exe)

The following 17 files have been seen to comunicate with get.ualexcessh.club in live environments.

TCP » 52.84.125.174:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.174:443

citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.101:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.174:443

new_chrome.exe (BoBrowser by The BoBrowser Authors)

TCP » 52.84.125.101:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.174:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.147:80

beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 52.84.125.107:443

browser.exe (Browser)

TCP » 52.84.125.174:80

browser.exe (Browser)

TCP » 52.84.125.53:80

browser.exe (Browser)

TCP » 52.84.125.174:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.174:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.88:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.107:80

browser.exe (Browser)

TCP » 52.84.125.174:80

secureassist.exe (SecureAssist.exe by SecureAssist)

TCP » 52.84.125.174:443

ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

TCP » 52.84.125.53:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.53:443

playthruplayer.exe (Playthru Player)

TCP » 52.84.125.58:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.58:443

online-guardian-v2.0.9.exe

Latest 20 of 31 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.