home

a.contextdiscount.xyz

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
contextdiscount.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.MPlug.51
33.33%

F-Secure
Gen:Variant.Adware.MPlug
33.33%

Lavasoft Ad-Aware
Gen:Variant.Adware.MPlug.51
33.33%

Norman
Gen:Variant.Adware.MPlug.51
33.33%

MicroWorld eScan
Gen:Variant.Adware.MPlug.51
33.33%

McAfee
Multiplug-FAD
33.33%

Malwarebytes
PUP.Optional.Multiplug
33.33%

K7 AntiVirus
Unwanted-Program
33.33%

Arcabit
Trojan.Adware.MPlug.51
33.33%

avast!
Win32:MultiPlug-AAE [PUP]
33.33%

Bitdefender
Gen:Variant.Adware.MPlug.51
33.33%

AhnLab V3 Security
PUP/Win32.MultiPlug
33.33%

G Data
Gen:Variant.Adware.MPlug.51
33.33%

Vba32 AntiVirus
suspected of Heur.Malware-Cryptor.Multiplug
33.33%

The domain a.contextdiscount.xyz has been seen to resolve to the following 5 IP addresses.

185.28.193.192
192.193.28.185.gransy.com
July 27, 2016

31.170.178.179
July 27, 2016

52.26.142.237
ec2-52-26-142-237.us-west-2.compute.amazonaws.com
June 26, 2015

52.26.130.111
ec2-52-26-130-111.us-west-2.compute.amazonaws.com
June 26, 2015

52.25.121.207
ec2-52-25-121-207.us-west-2.compute.amazonaws.com
June 26, 2015

File downloads found at URLs served by a.contextdiscount.xyz.

1 / 68      (Malware)
http://a.contextdiscount.xyz/hp/?q=adk79HeCW8a3ynikg0fErPT6cY9lCIjD vrlhFgMHVZ1MIfbTmpHG/.../yBYfkF0nPoBgUYMLaIrKZMsZ9NCfaJ8R4uGJIzagNM1C9ecJWzgKzkh  (download.exe)

1 / 68      (Malware)
http://a.contextdiscount.xyz/hp/?q=vMp4wDygWux8CDWYSULM8FEEp6rERcMqxq4hoZAjKnoO00 I3zeLRL3O7b8Sm cU PMZrjr4hq7lnx5F5 ac/Jc8QFK1CR4dzPHRpN oYXHdxIxOIiRlqsjkB3V/eNFxkt7meEbIp0PZTpb1itzpD2c500rqAFrpMVN27BBIAoFPgacDJh1/P4TzobwiSSW4F3sQTmOOpIQI3u7o St6H2YPjp/.../FtpjhFHemuRgkXjIM x5fYWqT9Limt7 mOEXXdGYmd  (download.exe)

20 / 68    (PUP)
http://a.contextdiscount.xyz/hp/?q=6r7P2rur82sL ABCDWPQ2Oqo4nrLdmfIsvPP er FEhP hhuNCbVu5h0k10VeetMgV Z8 /TzgX88rEVCvcMAQzGX9ZHPX/.../poBR0Wn5CGb95JGduii0z2KVIu0ObGLuSnbqw9GF8VAFw8FBcxX8K0M3VbYoVqpaI3bIc1CMBNvX5IYJ52V0TG3IriiszzIY6phQDID7bDfq625Iv0Q7rG6VdW Wt8aObuOEBWw85Ar1ReTHgJLamO7yBueG4VcakhBS  (vso convertxtodvd 5.2.exe)

The following 21 files have been seen to comunicate with a.contextdiscount.xyz in live environments.

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80
winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80
triggerlogs.exe

TCP » 185.28.193.192:80
wdm.bin

TCP » 185.28.193.192:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80
winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80
Downloader.exe (Downloader)

TCP » 185.28.193.192:80
onlineguardian-v2.exe

TCP » 185.28.193.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80
d9re-markablep23.exe

TCP » 185.28.193.192:80
winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian.exe

TCP » 185.28.193.192:80
online-guardian-v2.exe

TCP » 185.28.193.192:80
update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80
windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80
windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80
windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000
buool.exe (LgGJSHMt)

 
Latest 20 of 21 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.