home

get.wishdropjh.bid

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
wishdropjh.bid

Scanner detections:
Detections  (80% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Bundle
100.00%

The domain get.wishdropjh.bid has been seen to resolve to the following 19 IP addresses.

54.230.193.86
server-54-230-193-86.iad53.r.cloudfront.net
September 1, 2016

54.230.193.75
server-54-230-193-75.iad53.r.cloudfront.net
September 1, 2016

54.230.193.72
server-54-230-193-72.iad53.r.cloudfront.net
September 1, 2016

54.230.193.58
server-54-230-193-58.iad53.r.cloudfront.net
September 1, 2016

54.230.193.211
server-54-230-193-211.iad53.r.cloudfront.net
September 1, 2016

54.230.193.190
server-54-230-193-190.iad53.r.cloudfront.net
September 1, 2016

54.230.193.181
server-54-230-193-181.iad53.r.cloudfront.net
September 1, 2016

54.230.193.135
server-54-230-193-135.iad53.r.cloudfront.net
September 1, 2016

52.84.125.18
server-52-84-125-18.iad16.r.cloudfront.net
August 27, 2016

52.84.125.233
server-52-84-125-233.iad16.r.cloudfront.net
August 27, 2016

52.84.125.184
server-52-84-125-184.iad16.r.cloudfront.net
August 27, 2016

52.84.125.234
server-52-84-125-234.iad16.r.cloudfront.net
August 21, 2016

52.84.125.164
server-52-84-125-164.iad16.r.cloudfront.net
August 21, 2016

52.84.125.154
server-52-84-125-154.iad16.r.cloudfront.net
August 21, 2016

52.84.125.125
server-52-84-125-125.iad16.r.cloudfront.net
August 21, 2016

52.84.125.103
server-52-84-125-103.iad16.r.cloudfront.net
August 21, 2016

52.84.125.65
server-52-84-125-65.iad16.r.cloudfront.net
August 21, 2016

52.84.125.31
server-52-84-125-31.iad16.r.cloudfront.net
August 21, 2016

52.84.125.16
server-52-84-125-16.iad16.r.cloudfront.net
August 21, 2016

File downloads found at URLs served by get.wishdropjh.bid.

1 / 68      (PUP)
http://get.wishdropjh.bid/?647VHb9ipgkVGJTt_SLASH_phv86H6eMaZZIypNvW4MZPx_PLUS_8w_EQUALS_  (free download games gta san andreas full version for pc-laptop _ kempretan blog.exe)

1 / 68      (PUP)
http://get.wishdropjh.bid/?sg2neNzpKJZ_SLASH_PbJiCxHLZNrmfWxeJ5J0RZo19joGsVc_EQUALS_  (free download games gta san andreas full version for pc-laptop _ kempretan blog.exe)

0 / 68
http://get.wishdropjh.bid/?gnCv5c_PLUS_PS_SLASH_y3he6QE6FWQy1yfBNbyG9nRwfLWho3p6Yk3y0e5bpxOxV6KhwRZdka&flp=1  (adobe_flash_player.exe.img)

1 / 68      (PUP)
http://get.wishdropjh.bid/?g1vDxm0XC6Fxb2jjNIMJ_PLUS_63XzxQGQ89xVd47Y1wAStE_EQUALS_  (f1 2015 full version pc game download free.exe)

1 / 68      (PUP)
http://get.wishdropjh.bid/?rLHXwjw4_SLASH_r3u8cSEDMw_PLUS_8U4kJ51CjTDqVpSqk2ARNUI_EQUALS_  (snapchat account hacker tool working bot cheats no surveys.exe)

The following 22 files have been seen to comunicate with get.wishdropjh.bid in live environments.

TCP » 52.84.125.125:80
se.exe

TCP » 52.84.125.18:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.125:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.18:80
bobrowser.exe (BoBrowser by The BoBrowser Authors)

TCP » 52.84.125.234:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.154:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.164:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.125:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.154:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.16:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.65:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.184:80
browser.exe (Browser)

TCP » 52.84.125.164:80
browser.exe (Browser)

TCP » 52.84.125.234:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.234:443
browser.exe (Speed Browser by Long Mile Solutions)

TCP » 54.230.193.75:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.125:80
browser.exe (Speed Browser by Smart Applications)

TCP » 52.84.125.125:443
ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

TCP » 52.84.125.154:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.154:443
online-guardian-v2.0.9.exe

 
Latest 20 of 46 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.