home

b.masterests.xyz

Domain Information

Server location:
Jihocesky Kraj, Czech Republic (CZ)

ASN:
AS60592 GRANSY Gransy s.r.o.,CZ

Root domain:
masterests.xyz

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

The domain b.masterests.xyz has been seen to resolve to the following 2 IP addresses.

31.170.178.179
July 13, 2016

185.28.193.192
192.193.28.185.gransy.com
July 13, 2016

File downloads found at URLs served by b.masterests.xyz.

1 / 68      (Malware)
http://b.masterests.xyz/hp/?q=T7y0JvzgMGfYeG xztkei2TAMxXTSD8nWlWr/a nqalCB8mCBWbJbFruPXj1ozhNRrfok DCK1 vpGD5J0zo6vJYJz5xxFVx0a7p/kbN1eQBmv1K7IclSta85mmu2N1HeXdgNrRLwUgoC6DqgSHFgfWN/.../8b4iH12g&external_id=1436339276640796364  (download.exe)

1 / 68      (Malware)
http://b.masterests.xyz/hp/?q=zG2XTf6BXsMyTVNPRJz0s BXapTopy62vUx xvKfiTeNkktSSeeYSvv8gIXHlkDooxUiH4A0Zd322t13XJwGk/L4so7qSTEBAkCm48LgtXqLPKuoUO6b75fwYZFqGhrjTNcO2KJGn/GKIJNt3Y/L9/ HaCGT29lF9zR5OfcUciPQY9UfgzuYQtFXqqFPtdQFwuY33pUDPwIjy0P202kgmESzwvgjmyrjEKGuLFzI4D2FVZ sOej7/3bUMBwd6t PwELMpcuZP502RT0yGkhHHmfbNxrb yxdy/xNbo6K/ILp7C8mFpeBOzpJFGVZ55ov4GCd/hu7m4EZYqn3waPj5gVKrsUI6XeIGW 3Sa2hv4pYsjENkeDrK7rCKESDGcsEltfbCqAl3bLIYgt91TGHT7ROotPnmt4 5r1BIRcmbTylfKRJkbVjxLbTjU05d93VskBsxfkeCgZ68p3AjIfQztbm5XN0IZFNa53CDYBDz15Hyad2ziZ54OeCP2jV5vt9RyEyKA48O8BerpTb4dfbvy3Munce5pUPK022MWGqLMpN3O3AbsfiiFoVjakH8GA0DrSqlHDl7yuYqwNKZ/9ESsAroqutjrCGIs7SvX3/iYHxfMNxL4yVKjtAQTCrfOKeT/hwnxKnZNm20J OX6GRjfgcVo5jU0w3CprbpKNU/1cQaijxHBv3vKRifl80r5S1W/TGsNAeZxlZw8dbqzAArLXdp8L42QO6CY4y0NltWHcsEjHcKUnTxxU60Z/.../&external_id=1436280461032973743  (download.exe)

1 / 68      (Malware)
http://b.masterests.xyz/hp/?q=zG2XTf6BXsMyTVNPRJz0s BXapTopy62vUx xvKfiTeNkktSSeeYSvv8gIXHlkDooxUiH4A0Zd322t13XJwGk/L4so7qSTEBAkCm48LgtXqLPKuoUO6b75fwYZFqGhrjTNcO2KJGn/GKIJNt3Y/L9/ HaCGT29lF9zR5OfcUciPQY9UfgzuYQtFXqqFPtdQFwuY33pUDPwIjy0P202kgmESzwvgjmyrjEKGuLFzI4D2FVZ sOej7/3bUMBwd6t PwELMpcuZP502RT0yGkhHHmfbNxrb yxdy/xNbo6K/ILp7C8mFpeBOzpJFGVZ55ov4GCd/hu7m4EZYqn3waPj5gVKrsUI6XeIGW 3Sa2hv4pYsjENkeDrK7rCKESDGcsEltfbCqAl3bLIYgt91TGHT7ROotPnmt4 5r1BIRcmbTylfKRJkbVjxLbTjU05d93VskBsxfkeCgZ68p3AjIfQztbm5XN0IZFNa53CDYBDz15Hyad2ziZ54OeCP2jV5vt9RyEyKA48O8BerpTb4dfbvy3Munce5pUPK022MWGqLMpN3O3AbsfiiFoVjakH8GA0DrSqlHDl7yuYqwNKZ/9ESsAroqutjrCGIs7SvX3/iYHxfMNxL4yVKjtAQTCrfOKeT/hwnxKnZNm20J OX6GRjfgcVo5jU0w3CprbpKNU/1cQaijxHBv3vKRifl80r5S1W/TGsNAeZxlZw8dbqzAArLXdp8L42QO6CY4y0NltWHcsEjHcKUnTxxU60Z/.../&external_id=1436280461032973743  (download.exe)

1 / 68      (Malware)
http://b.masterests.xyz/hp/?q=zG2XTf6BXsMyTVNPRJz0s BXapTopy62vUx xvKfiTeNkktSSeeYSvv8gIXHlkDooxUiH4A0Zd322t13XJwGk/L4so7qSTEBAkCm48LgtXqLPKuoUO6b75fwYZFqGhrjTNcO2KJGn/GKIJNt3Y/L9/ HaCGT29lF9zR5OfcUciPQY9UfgzuYQtFXqqFPtdQFwuY33pUDPwIjy0P202kgmESzwvgjmyrjEKGuLFzI4D2FVZ sOej7/3bUMBwd6t PwELMpcuZP502RT0yGkhHHmfbNxrb yxdy/xNbo6K/ILp7C8mFpeBOzpJFGVZ55ov4GCd/hu7m4EZYqn3waPj5gVKrsUI6XeIGW 3Sa2hv4pYsjENkeDrK7rCKESDGcsEltfbCqAl3bLIYgt91TGHT7ROotPnmt4 5r1BIRcmbTylfKRJkbVjxLbTjU05d93VskBsxfkeCgZ68p3AjIfQztbm5XN0IZFNa53CDYBDz15Hyad2ziZ54OeCP2jV5vt9RyEyKA48O8BerpTb4dfbvy3Munce5pUPK022MWGqLMpN3O3AbsfiiFoVjakH8GA0DrSqlHDl7yuYqwNKZ/9ESsAroqutjrCGIs7SvX3/iYHxfMNxL4yVKjtAQTCrfOKeT/hwnxKnZNm20J OX6GRjfgcVo5jU0w3CprbpKNU/1cQaijxHBv3vKRifl80r5S1W/TGsNAeZxlZw8dbqzAArLXdp8L42QO6CY4y0NltWHcsEjHcKUnTxxU60Z/.../&external_id=1436280461032973743  (download.exe)

The following 21 files have been seen to comunicate with b.masterests.xyz in live environments.

TCP » 185.28.193.192:80
mdquickyksvc.exe (ModenQuick Service by PT. USENET)

TCP » 185.28.193.192:80
mdruyksvc.exe (ModernRu Service by PT. USENET)

TCP » 185.28.193.192:80
winmbskillssvc.exe (MobinSkills Service by PT.USENET)

TCP » 185.28.193.192:80
triggerlogs.exe

TCP » 185.28.193.192:80
wdm.bin

TCP » 185.28.193.192:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 185.28.193.192:80
winmbtuscasvc.exe (MobinTusca Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian-v2.0.9.exe

TCP » 185.28.193.192:80
Downloader.exe (Downloader)

TCP » 185.28.193.192:80
onlineguardian-v2.exe

TCP » 185.28.193.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 185.28.193.192:80
d9re-markablep23.exe

TCP » 185.28.193.192:80
winzillsvc.exe (ModenZill Service by PT.USENET)

TCP » 185.28.193.192:80
online-guardian.exe

TCP » 185.28.193.192:80
online-guardian-v2.exe

TCP » 185.28.193.192:80
update.exe (by Winner Updater Solutions)

TCP » 185.28.193.192:80
windilandsvc.exe (ModinLand Service by PT.USENET)

TCP » 185.28.193.192:80
windihepssvc.exe (ModinHeps Service by PT.USENET)

TCP » 185.28.193.192:80
windimixsvc.exe (ModinMix Service by PT.USENET)

TCP » 185.28.193.192:8000
buool.exe (LgGJSHMt)

 
Latest 20 of 21 files

always-wind.xyz

any-unix.xyz

app-match.xyz

bar-best.xyz

birdieu.xyz

birdle.xyz

contextdiscount.xyz

contract-your.xyz

creatorhelpusa.xyz

dljquery.net

dog-clock-north.xyz

downloader-toolbar.info

downloads-toolbar.info

fajdmr.com

fastwindowlink.xyz

find-laboratory.xyz

findermultiple.xyz

firmproviders.xyz

fleshplayers.xyz

forceaggregator.xyz

forcefinaljob.xyz

goodgrab.xyz

groupparent.xyz

job-version-ios.xyz

muchotorrente.com

mysticed.xyz

north-system.xyz

operatorteam.xyz

position-title.xyz

sendard.xyz

30 of 34 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.