» get.ysshortdisru.bid
Overview
Analysis
IPs Addresses (8)
Downloads (1)
Network (20)

get.ysshortdisru.bid

Domain Information

Server location:

Washington, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

ysshortdisru.bid

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Adware.Bundle

100.00%

The domain get.ysshortdisru.bid has been seen to resolve to the following 8 IP addresses.

server-52-84-125-69.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-65.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-7.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-212.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-174.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-157.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-126.iad16.r.cloudfront.net

September 16, 2016

server-52-84-125-124.iad16.r.cloudfront.net

September 16, 2016

File downloads found at URLs served by get.ysshortdisru.bid.

1 / 68 (PUP)

http://get.ysshortdisru.bid/?gaA75LBQrZQ78XAnBmiycGVD_SLASH_kG5Q_SLASH_cdHCy1Zzt8Krk_EQUALS_ (the.legend.of.tarzan.2016.hd-ts.mazika2day.com.mkv.exe)

The following 20 files have been seen to comunicate with get.ysshortdisru.bid in live environments.

TCP » 52.84.125.126:80

crossbrowse.exe (Crossbrowse)

TCP » 52.84.125.174:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.126:80

TCP » 52.84.125.174:443

citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.126:80

browser.exe (Browser)

TCP » 52.84.125.65:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.174:443

new_chrome.exe (BoBrowser by The BoBrowser Authors)

TCP » 52.84.125.174:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.7:443

1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.84.125.174:80

browser.exe (Browser)

TCP » 52.84.125.157:443

TCP » 52.84.125.157:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.157:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.157:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.174:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.174:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.212:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.212:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.65:80

niches.exe (Niches)

TCP » 52.84.125.7:443

stormwatchapp.exe

Latest 20 of 44 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.