home

a.sendard.xyz

Domain Information

Server location:
Jihocesky Kraj, Czech Republic (CZ)

ASN:
AS60592 GRANSY Gransy s.r.o.,CZ

Root domain:
sendard.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

The domain a.sendard.xyz has been seen to resolve to the following 2 IP addresses.

185.28.193.192
192.193.28.185.gransy.com
August 9, 2016

31.170.178.179
August 9, 2016

File downloads found at URLs served by a.sendard.xyz.

1 / 68      (Malware)
http://a.sendard.xyz/hp/?q=ulMzvzVFMlu3HwysurhP0FLZ2sCPaJcK18T1oQlb6nJ/r3Gg72NzcZ EEbYJ3rI6kHwF8U5C4xFtZdgL4HAQF3DABla73MmNWYE QokwOgwNf23mzctPjhJGYanH7AmbkHMFOJ7ZOyUDC2Y7pOmp1x70t4A02LXAoxCOpFGFAvUZCy TjZk/F AvzF22EiLDOyS0ApLyHhf/9r5c/rMqjSKxRm47A0RnyXQu4dXjTCCWE7Z8 QOHuajFKqZMwDAJaiK0NoRCUjFGhI2woSwrHAVqlzi1J7w8O92pziF9tW8dOgYz0hZuXqOyYVEAD851JuEpjW7mTvfbixRHrjVItLdMtsFTzGZLmzsjW/up00Rc1sukfTHTKPLSNB919lGqoLxcerxOiXWcTt3nzqvzm U0BcSAEfNSrbyxuSue8dALLNIdLmxPMUOEQDrkwyj3 xKB5tlFYl1sM27z6YZGPS0chqaVhqDdaMM0C9ezBY3nJ yW4ing2mI3r6kxKfLNlJ6fBUglesWXmtDYYACDQr2Ski/6ScgMhtWfyM0axKOrvVjWkj35KcWFoyutNwZzHs/lfFIX/pnpatQDJLjEyqYJZCIbeDadeFJczUbX7i6Rt0LMsd5wKABVny0HOu0AhgqIf4AaMpHpOe6/.../hiKrj5WhKS2Kr&external_id=1435335093825013045  (kid-cannabis-rum-6084441.exe)

1 / 68      (Malware)
http://a.sendard.xyz/hp/?q=738R3jATYlVW/XZTVNGr3d2Q5HoBCvIvXF59Q/q26DXHzZYEaIXQ2jvoHet/7JNdxfqJ9UgHBPs8Zd7XOqyTdgvfmGa5rv/Htr4UgLk1VNLnBj1zDcorv2oWZ2ynBzfzjsMEYDZzOyKAtlr X915WGnCKWY79W5/3Ni/vsE95lLAQ 7m4o51K4 dxX8wdqvTYiuiSNpNr4ZlhQDw6JbUQXZlnHZ05wqjW7aIBqlRRaqnQE3JQ rH97K7wiZzNihUmeLna4F4NaNLiwxKGp91BnN6dhTIV7Vp5Cr96zPCFAx95CpmnZFOs/7lxlipDkyef8zVmFLgTGB/YHIfzcd0J/Xp9WeCfI76vwE9Wb7lS 7tUDYilC4P4kqDHVJP6JZAoIbqCxWA27HTenFVWaiTjbhgzLZYrVNYq/upqYT9uvnO/53VXvAyW 5s o5DcXqD4DNmI3ZgciTaULwmtQ/mTU06/XLzjtS8HwOuullCHnYhfRDlSQddNl7ZbA grWVp3lxR09tsozNDnYQKZ9tDo1P7IP 3bhOUpSIOHxrpK/uo83/.../iCcxo7hNm54gQpoTVClk&external_id=1435335218670107925  (kid-cannabis-ara-6176685.exe)

1 / 68      (Malware)
http://a.sendard.xyz/hp/?q=R84TNMYK17kjfXZTVNGvMrGF8EeMcVp7WNojAhx7g2y5eA1 xccAH4VF0R8rZ69GQCXL8lUrjahsz4Nnlp4m34A/tJVB1Sf1HLPFOJ6XcEWfDmRdLTy5JypqeXpdm Sdw8Lwj2hQmNVtB9S3b0yXceriZeRrjFIW8iJwlUzENSWFqYxsNZKUPt1dobtZT5oHlVsaS0KX712ysPYj5kCYihn0ok 5/a25nZimBwSt V aiCpGN0pNNB/J3csJIjsc3Qy0o/x69GgHzI5fY2rLdm707lCvix88t7bWWRXnx5yQzZpayL37z7BFhSHatTXfOi5RP1ngJLuulQ1c jqXBrGHb/w51SxX60gfY5a8s9ExieCw28LpjJ5rLAozVzLbdQou KKQwEDra1OBssljNOiGr yJixWEGUtR69Hwe0kp2L/74jrD8 HeFtnV5eiXKhH5V0pz7Ac yeqmd Bo7pUQ0kJ30RZhSsWVEiKq pGPTesdbLosS0CZV8g2MzB fl9Jn5 BqLLMaFDnKgLx7I5Iwe3AqMk oBAcHczEDk9Ayv0lrUqEtSt/EyVB9KHt92RWB8yXm3tRi6G9iGWBebasKUy/8XIYZHLGbHGL9WBT7viaRpWuTnw3apF82Uk7QiKUXyZ0Ce3T/6ki2v3TCVpUEZoKXBTaOBHQULsxhhjgI8BPVwZplEBTaiQ2FBO7tzzPyVK/QtMnqUYcuEe8u6/mH9HthVTb4UqLw wYA3kA/.../hgWPOHVZLqC7ToknQQpolZYp 3Uub1&external_id=1435332799836107632  (dj pain 1 summer 2013 loops.exe)

The following 21 files have been seen to comunicate with a.sendard.xyz in live environments.

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80
winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80
triggerlogs.exe

TCP » 185.28.193.192:80
wdm.bin

TCP » 185.28.193.192:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80
winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80
Downloader.exe (Downloader)

TCP » 185.28.193.192:80
onlineguardian-v2.exe

TCP » 185.28.193.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80
d9re-markablep23.exe

TCP » 185.28.193.192:80
winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian.exe

TCP » 185.28.193.192:80
online-guardian-v2.exe

TCP » 185.28.193.192:80
update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80
windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80
windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80
windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000
buool.exe (LgGJSHMt)

 
Latest 20 of 21 files

always-wind.xyz

any-unix.xyz

app-match.xyz

bar-best.xyz

birdieu.xyz

birdle.xyz

contextdiscount.xyz

contract-your.xyz

creatorhelpusa.xyz

dljquery.net

dog-clock-north.xyz

downloader-toolbar.info

downloads-toolbar.info

fajdmr.com

fastwindowlink.xyz

find-laboratory.xyz

findermultiple.xyz

firmproviders.xyz

fleshplayers.xyz

forceaggregator.xyz

forcefinaljob.xyz

goodgrab.xyz

groupparent.xyz

job-version-ios.xyz

masterests.xyz

muchotorrente.com

mysticed.xyz

north-system.xyz

operatorteam.xyz

position-title.xyz

30 of 34 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.