home

a.forceaggregator.xyz

Domain Information

Server location:
Jihocesky Kraj, Czech Republic (CZ)

ASN:
AS60592 GRANSY Gransy s.r.o.,CZ

Root domain:
forceaggregator.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

The domain a.forceaggregator.xyz has been seen to resolve to the following 2 IP addresses.

185.28.193.192
192.193.28.185.gransy.com
June 4, 2016

31.170.178.179
June 4, 2016

File downloads found at URLs served by a.forceaggregator.xyz.

1 / 68      (Malware)
http://a.forceaggregator.xyz/hp/?q=e209Xk9S79ToWIKEG pljVLLfRbjbsEfs88c2UxJsV230RSVfICrQw25eqMXKwOELq1e1aBn5MHRKaAZqYxH/7jBbryf9P2Swpu4/kq2tTt6Zk7SrO7JpF76nm57AKeJq/FIGUjmFR/ 8Vbbej9zgdgZv0NN9bDW7vrVzDhsBq6ufzVV15h6Ye2ZtZF8VR x0YcSIxskr H6hR1gIm3InPwMi8hQq4 cT1iYoXKxPnUWbREy6VM25S5Fcm3fOj178FnbhF8u84qRMJnzt0SsNCEldK408vel0r7UKCQG/L4CulmbgcoyqxoBgm54AEc77OpHGN4NbKU788IYQN/w4wfFWOGDt5K7kGKHW8KTw07pXbgWaZUBT6ViTX86wRPXNycxLIlvAUm0h/HAcgoVO87ibTm4 ZI2UP6Xd7GPtIjc3sL4FZJGQZyXxSPUHVTIu3kz/TEU2ZANMEjDaI4sLBjPOFShH/HCwtN6WoriTyNCJYQJAqqjQFwJDMkWfnINSq0OgsHKXdlQGxEPziQR0td/l5i51QtAnIxQRuT/FuKUjcX6MmTh4wfQosjv9FVqiq07d73SeDfaaz9WKUrHYWZZEktt8zSSFJtp/.../Gnj5lgGry8fctQY8stM 23GWltDXBMFHLUwff  (frase_ para ti.exe)

1 / 68      (Malware)
http://a.forceaggregator.xyz/hp/?q=uHLnk/tkeDeKvABCDWPQSov SiNYJ232yR9y/xe05lZEfqBIUdZ3 E 9RlMI4WihTG9p5OtNesVez4HLMO1PoYL719dBbYNLUOmD/59L2dsSI9Ii9pLw05gwXN 00qHkoA9HN/I21QAr6DLOINRbvc51RYwHwf1J55GQUH9MpIa9CSElxt4Syo IpVUD8O944jq3s/1lgEdCOW9VovMsWUUvbyiVfOiknPyVCXwnQ5iXs8U31Da527Fg8eG2JZnkHAbffTFVaLeuqO7oiBVw4Exs5gCbzBR4VpnTBZfbSfH5BjhQFV1fp2oVnM7p37T6 elfZJgHsd1 41/ogB23nmdOY2MR223mx63e/S xuv4FNLYNPtnc4aOqcvAI1VbQiyUCpCqgcI125GCXNLBUWnL rE8LOrmrghvB6dECUcbDmxn8OKzC1 o8BJrkE wrcsImkyhsyLU8JSr4vVSJTH5rCnucsl4ww7tTYD24fPNpVFHWqDl4kkNjBHxKBmlEZ2uT9yac7MOFaOaG74jdV6MOvnuTs5GUvb6S85vkGTDMWDgw0g/rDsm9AlTyQC5I5WhOYIZUKt7Yrifpsf qlVLNM XDHjhi2ObYmPXrNtqPPor53GNL6b1rc8IYOdb nyVp3kjdKm/Kmvs63BZwm3zF8e1Woc53MnZpaJRpsQIVpyvI7fiCKMDcEtn0eZGDNnEqSJSY /.../Z 2qjvoAozONrR5dNpFsWR8cw  (caminaras_con_el_sol_-_alfonso_mateo-sagasta.exe)

1 / 68      (Malware)
http://a.forceaggregator.xyz/hp/?q=2TwgRxXJ/3KRl xztvg7Le5wiyPGFAz03gsNi D ahVidvoLhzuXV92SoR/j6OfJ537Ta4slGbX1vKd7RjXKSMJquKzff4ff/YxpCozZvfmr6cvJq0NkxANrQp9V/XOC2VTuAjVxAS1K9VsbdLdZva1/Dg0O2E6zqy5bWx62vhzsWrWA/ylWDAomQjHGoLynof4VqeMwv9Q2nt74MRBJOiua0vfubi7pwpdBneILmWqm4i9i1HU4od29xCk6XYrmnN7AK2HZHboRxGXfEeC6wIQ7U35lKdloghrfzuz7U5xdXTwA6YSuY3x YwMKh67vfbK5DXf/6lWgr6W pcvFY1eMY5hJRFpn3L4hbzAAno2s1 h7AS3iBa4ceZJPV2mAZ/lf5oMaZSJn9r1DZzD7px62e5QBpqFCXljlGPFKFJtnJT3M58mP3aq0iQlu4Yrx1nP9zCsPOkmKpmV2 52E8SgmvhQQMg8wLLgwBaTGCaKYGvjbou2sAWNJo G9DyqVXLbKr85/Zwhvc14ih9Mfs/.../Jd  (tf2teleporter-1.7.10.jar.exe)

The following 21 files have been seen to comunicate with a.forceaggregator.xyz in live environments.

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80
winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80
triggerlogs.exe

TCP » 185.28.193.192:80
wdm.bin

TCP » 185.28.193.192:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80
winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80
Downloader.exe (Downloader)

TCP » 185.28.193.192:80
onlineguardian-v2.exe

TCP » 185.28.193.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80
d9re-markablep23.exe

TCP » 185.28.193.192:80
winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian.exe

TCP » 185.28.193.192:80
online-guardian-v2.exe

TCP » 185.28.193.192:80
update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80
windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80
windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80
windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000
buool.exe (LgGJSHMt)

 
Latest 20 of 21 files

always-wind.xyz

any-unix.xyz

app-match.xyz

bar-best.xyz

birdieu.xyz

birdle.xyz

contextdiscount.xyz

contract-your.xyz

creatorhelpusa.xyz

dljquery.net

dog-clock-north.xyz

downloader-toolbar.info

downloads-toolbar.info

fajdmr.com

fastwindowlink.xyz

find-laboratory.xyz

findermultiple.xyz

firmproviders.xyz

fleshplayers.xyz

forcefinaljob.xyz

goodgrab.xyz

groupparent.xyz

job-version-ios.xyz

masterests.xyz

muchotorrente.com

mysticed.xyz

north-system.xyz

operatorteam.xyz

position-title.xyz

sendard.xyz

30 of 34 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.