home

go.avengingf.space

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
avengingf.space

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Norman
Gen:Variant.Midie.9564
100.00%

ESET NOD32
Win32/IStartSurf.X potentially unwanted application
66.67%

Reason Heuristics
PUP.IStartSurf
33.33%

avast!
Win32:Rootkit-gen [Rtk]
33.33%

The domain go.avengingf.space has been seen to resolve to the following 16 IP addresses.

52.85.142.24
server-52-85-142-24.iad12.r.cloudfront.net
May 31, 2016

52.85.142.226
server-52-85-142-226.iad12.r.cloudfront.net
May 31, 2016

52.85.142.216
server-52-85-142-216.iad12.r.cloudfront.net
May 31, 2016

52.85.142.182
server-52-85-142-182.iad12.r.cloudfront.net
May 31, 2016

52.85.142.125
server-52-85-142-125.iad12.r.cloudfront.net
May 31, 2016

52.85.142.113
server-52-85-142-113.iad12.r.cloudfront.net
May 31, 2016

52.85.142.56
server-52-85-142-56.iad12.r.cloudfront.net
May 31, 2016

52.85.142.42
server-52-85-142-42.iad12.r.cloudfront.net
May 31, 2016

52.85.131.119
server-52-85-131-119.iad53.r.cloudfront.net
May 28, 2016

52.85.131.60
server-52-85-131-60.iad53.r.cloudfront.net
May 28, 2016

52.85.131.14
server-52-85-131-14.iad53.r.cloudfront.net
May 28, 2016

52.85.131.208
server-52-85-131-208.iad53.r.cloudfront.net
May 28, 2016

52.85.131.202
server-52-85-131-202.iad53.r.cloudfront.net
May 28, 2016

52.85.131.151
server-52-85-131-151.iad53.r.cloudfront.net
May 28, 2016

52.85.131.142
server-52-85-131-142.iad53.r.cloudfront.net
May 28, 2016

52.85.131.141
server-52-85-131-141.iad53.r.cloudfront.net
May 28, 2016

File downloads found at URLs served by go.avengingf.space.

0 / 68
http://go.avengingf.space/?s=co&ses=509075804147869376&flp=1  (office timeline plus edition keygen.exe.iso)

3 / 68      (PUP)
http://go.avengingf.space/?ses=910682119894772768  (sniper ghost 2 pc full version.exe)

2 / 68      (PUP)
http://go.avengingf.space/?ses=687657122965902080  (sniper ghost 2 pc full version.exe)

2 / 68      (PUP)
http://go.avengingf.space/?ses=589048580732196544  (sniper ghost 2 pc full version.exe)

The following 18 files have been seen to comunicate with go.avengingf.space in live environments.

TCP » 52.85.142.216:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.216:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.216:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.182:80
UCBrowser.exe (by UCWeb)

TCP » 52.85.142.56:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.42:80
ssn.exe (ssn)

TCP » 52.85.142.125:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.142.56:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.56:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.85.142.182:443
whatsapptime.exe

TCP » 52.85.142.182:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.216:443
browser.exe (Browser)

TCP » 52.85.142.226:443
clearscreenplayer.exe (ClearScreen Player)

TCP » 52.85.142.113:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.85.142.125:443
Allmyapps.exe (Allmyapps Desktop by Allmyapps)

TCP » 52.85.142.125:443
clearscreenplayerbrowser.exe

TCP » 52.85.142.216:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.216:443
ssn.exe (ssn)

TCP » 52.85.142.216:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.24:443
wdm.bin

 
Latest 20 of 37 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.