» masternal.com
Overview
Analysis
IPs Addresses (6)
Downloads (30)
Network (32)
Website Detail

masternal.com

Gal Ulishgen

Domain Information

The domain masternal.com registered by Gal Ulishgen was initially registered in August of 2014 through EVOPLUS LTD. Currently this domain has been known to host various forms of malware. The hosted servers are located in Chicago, Illinois within the United States which resides on the GigeNET network.

Registrant:

Gal Ulishgen

Registrar:

EVOPLUS LTD

Server location:

Illinois, United States (US)

Create date:

Sunday, August 31, 2014

Expires date:

Monday, August 31, 2015

Updated date:

Saturday, February 28, 2015

ASN:

AS32181 ASN-GIGENET - GigeNET,US

Whois:

1 masternal.com record

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP, PUP.installCore.DovgilMa.Installer (M), Adware.Generic.AT (M)

93.10%

Emsisoft Anti-Malware

Gen:Variant.Adware.Mplug.30, Gen:Variant.Adware.Kazy.552220, Gen:Variant.Adware.MPlug.31, Gen:Variant.Adware.Kazy.552533

41.38%

ESET NOD32

Win32/Adware.MultiPlug.EP application, Win32/Adware.MultiPlug.ES application, Win32/Adware.MultiPlug.EZ application

41.38%

F-Secure

Gen:Variant.Adware.Mplug.30, Gen:Variant.Adware.Kazy.552220, Gen:Variant.Adware.MPlug.31, Variant.Downloader.188

41.38%

AVG

Generic6, Adware Generic6.OUJ, Win.Threat.Medium, Adware Generic6.NEI, Adware Generic6.MVR, Adware Generic6.MVO

41.38%

McAfee

Program.MultiPlug-FVH, Program.Multiplug-FVQ, Program.MultiPlug-FVQ, Program.MultiPlug-FVZ, Program.MultiPlug-FVJ

37.93%

Lavasoft Ad-Aware

Gen:Variant.Adware.Mplug.30, Gen:Variant.Adware.Kazy.552220, Gen:Variant.Adware.MPlug.31, Gen:Variant.Adware.Kazy.552533

34.48%

MicroWorld eScan

Gen:Variant.Adware.Mplug.30, Gen:Variant.Adware.Kazy.552220, Gen:Variant.Adware.MPlug.31, Gen:Variant.Adware.Kazy.552533

34.48%

Bitdefender

Gen:Variant.Adware.Mplug.30, Gen:Variant.Adware.Kazy.552220, Gen:Variant.Adware.MPlug.31, Gen:Variant.Adware.Kazy.552533

34.48%

AhnLab V3 Security

PUP/Win32.MultiPlug, Adware/Win32.MultiPlug

34.48%

G Data

Gen:Variant.Adware.Mplug.30, Gen:Variant.Adware.Kazy.552220, Gen:Variant.Adware.MPlug.31, Gen:Variant.Adware.Kazy.552533

34.48%

Vba32 AntiVirus

suspected of Heur.Malware-Cryptor.Multiplug

34.48%

K7 AntiVirus

Unwanted-Program

31.03%

Sophos

MultiPlug, PUA 'MultiPlug' (of type Adware)

31.03%

Avira AntiVirus

ADWARE/MultiPlug.Gen4, ADWARE/MultiPlug.Gen7

31.03%

The domain masternal.com has been seen to resolve to the following 6 IP addresses.

70.32.1.32

ip-70.32.1.32.hosted.by.gigenet.com

September 1, 2016

103.224.182.234

May 17, 2016

52.26.71.172

ec2-52-26-71-172.us-west-2.compute.amazonaws.com

July 23, 2015

52.27.166.51

ec2-52-27-166-51.us-west-2.compute.amazonaws.com

July 23, 2015

52.27.146.26

ec2-52-27-146-26.us-west-2.compute.amazonaws.com

July 23, 2015

54.69.104.255

ec2-54-69-104-255.us-west-2.compute.amazonaws.com

May 28, 2015

File downloads found at URLs served by masternal.com.

1 / 68 (Malware)

http://masternal.com/v20796?product_name=ayuntamientos_nivel9&filesize=29MB&product_title=ayuntamientos_nivel9&installer_file_name=ayuntamientos_nivel9&product_file_name=ayuntamientos_nivel_9.rar&product_download_url=http://clanpegaso.com/wp-content/uploads/2014/.../Ayuntamientos-9.rar (ayuntamientos_nivel9.exe)

1 / 68 (Malware)

http://masternal.com/v21735?product_name=Asphalt 8: Airborne for PC&filesize=2&product_title=Asphalt 8: Airborne for PC&installer_file_name=Asphalt 8: Airborne for PC&product_file_name=Asphalt 8: Airborne for PC.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=EN (asphalt 8_ airborne for pc.exe)

1 / 68 (Malware)

http://masternal.com/v21735?product_name=RescuePRO&filesize=2&product_title=RescuePRO&installer_file_name=RescuePRO&product_file_name=RescuePRO.exe&product_download_url=http://www.lc-tech.com/productdemo/.../RPDLXWIN.zip&locale=EN (33f33b6232d54f88ba036c482b2d9758)

7 / 68 (PUP)

http://masternal.com/v20058?product_name=Wiz_Khalifa_Black_And_Yellow_G_Mix_ft_Snoop_Dogg_Juicy_J_T_Pain.mp3&file_size=&product_title=Wiz Khalifa - Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J & T-Pain&installer_file_name=Wiz_Khalifa_Black_And_Yellow_G_Mix_ft_Snoop_Dogg_Juicy_J_T_Pain.mp3&product_file_name=Wiz_Khalifa_Black_And_Yellow_G_Mix_ft_Snoop_Dogg_Juicy_J_T_Pain.mp3&product_download_url=http://static.convertonmp3.com/downloads/03/.../Wiz_Khalifa_Black_And_Yellow_G_Mix_ft_Snoop_Dogg_Juicy_J_T_Pain.mp3?h=wybyk3-PUkpxtpvrL5NrhQ&e=1423442953 (wiz_khalifa_black_and_yellow_g_mix_ft_snoop_dogg_juicy_j_t_pain.mp3.exe)

8 / 68 (PUP)

http://masternal.com/v20058?product_name=Snoop_Dogg_y_Wiz_Khalifa_Jovenes_salvajes_y_libres_Hip_Hop_Nuevo_2011.mp3&file_size=&product_title=Snoop Dogg y Wiz Khalifa - Jóvenes salvajes y libres [Hip Hop Nuevo] 2011&installer_file_name=Snoop_Dogg_y_Wiz_Khalifa_Jovenes_salvajes_y_libres_Hip_Hop_Nuevo_2011.mp3&product_file_name=Snoop_Dogg_y_Wiz_Khalifa_Jovenes_salvajes_y_libres_Hip_Hop_Nuevo_2011.mp3&product_download_url=http://static.convertonmp3.com/downloads/a5/.../Snoop_Dogg_y_Wiz_Khalifa_Jovenes_salvajes_y_libres_Hip_Hop_Nuevo_2011.mp3?h=1UsSMNc_LwGNCasPV2u7sA&e=1423446657 (snoop_dogg_y_wiz_khalifa_jovenes_salvajes_y_libres_hip_hop_nuevo_2011.mp3.exe)

1 / 68 (Malware)

http://masternal.com/v21158?product_name= F.7.720p.HDRip.ArabSeed.CoM.Taha.mkv&filesize=1&product_title=Product_Title_Parameter&installer_file_name= F.7.720p.HDRip.ArabSeed.CoM.Taha.mkv&product_file_name= F.7.720p.HDRip.ArabSeed.CoM.Taha.mkv.XXX&product_download_url=download (-f.7.720p.hdrip.arabseed.com.taha.exe)

1 / 68 (Malware)

http://masternal.com/v22605?product_name=Google Chrome&file_size=&product_title=Google Chrome&installer_file_name=Google Chrome&product_download_url=http://dl.google.com/chrome/install/.../chrome_installer.exe&locale=FR (google chrome.exe)

1 / 68 (Malware)

http://masternal.com/v2921?product_name=Cami Gallardo - Volver a los 17 - Cover - Violeta Parra.mp3&filesize=1mb&product_title=Cami Gallardo - Volver a los 17 - Cover - Violeta Parra.mp3&installer_file_name=Cami Gallardo - Volver a los 17 - Cover - Violeta Parra.mp3&product_file_name=Cami Gallardo - Volver a los 17 - Cover - Violeta Parra.mp3&product_download_url=http://srv25.clipconverter.cc/download/.../Cami Gallardo - Volver a los 17 - Cover - Violeta Parra.mp3 (cami gallardo - volver a los 17 - cover - violeta parra.mp3.exe)

1 / 68 (Adware)

http://masternal.com/v21735?product_name=HangARoo&filesize=2&product_title=HangARoo&installer_file_name=HangARoo&product_file_name=HangARoo.exe&product_download_url=http://dlr.ncbuy.com/downloads/.../hangaroo_setup.exe&locale=EN (129871cb53f5d21b5b3f09cf27ba7439)

1 / 68 (Malware)

http://masternal.com/v2921?product_name=J. Balvin - Ay Vamos.3gp&filesize=1mb&product_title=J. Balvin - Ay Vamos.3gp&installer_file_name=J. Balvin - Ay Vamos.3gp&product_file_name=J. Balvin - Ay Vamos.3gp&product_download_url=http://srv68.clipconverter.cc/download/.../J. Balvin - Ay Vamos.3gp (j. balvin - ay vamos.3gp.exe)

1 / 68 (Malware)

http://masternal.com/v21735?product_name=Five Nights at Freddy’s for PC&filesize=2&product_title=Five Nights at Freddy’s for PC&installer_file_name=Five Nights at Freddy’s for PC&product_file_name=Five Nights at Freddy’s for PC.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=EN (five nights at freddys for pc.exe)

1 / 68 (Malware)

http://masternal.com/v20059?product_name=Pack_Intro_GoPro_Silva.mp4&file_size=&product_title=Pack Intro GoPro - Silva&installer_file_name=Pack_Intro_GoPro_Silva.mp4&product_file_name=Pack_Intro_GoPro_Silva.mp4&product_download_url=http://youtubemp4s.com/downloads/.../2121460?h=j5C_1Ht8sevVy6h5PGbBdw&e=1423599682 (pack_intro_gopro_silva.mp4.exe)

1 / 68 (Malware)

http://masternal.com/v20058?product_name=Iggy_Azalea_ft_Rita_Ora_Black_Widow_Ahzee_Remix.mp3&file_size=&product_title=Iggy Azalea ft. Rita Ora - Black Widow (Ahzee Remix)&installer_file_name=Iggy_Azalea_ft_Rita_Ora_Black_Widow_Ahzee_Remix.mp3&product_file_name=Iggy_Azalea_ft_Rita_Ora_Black_Widow_Ahzee_Remix.mp3&product_download_url=http://static.convertonmp3.com/downloads/9d/.../Iggy_Azalea_ft_Rita_Ora_Black_Widow_Ahzee_Remix.mp3?h=FU_2SfrT7hyv0nBlqFXzMw&e=1423547597 (iggy_azalea_ft_rita_ora_black_widow_ahzee_remix.mp3.exe)

1 / 68 (Malware)

http://masternal.com/v21156?product_name=TrpMix.CoM.Semsm Shahab.Mesta7mleen ...&filesize=10.43 MB&product_title=Download TrpMix.CoM.Semsm Shahab.Mesta7mleen ...&installer_file_name=TrpMix.CoM.Semsm Shahab.Mesta7mleen.BY.ElMaSrY.mp3&product_file_name=TrpMix.CoM.Semsm Shahab.Mesta7mleen.BY.ElMaSrY.mp3&product_download_url=http://.../get_file.php?h=lh4r5fs5wl&uid=dsrtgriz1kc (trpmix.com.semsm shahab.mesta7mleen.by.elmasry.mp3.exe)

1 / 68 (Malware)

http://masternal.com/v22605?product_name=Madura English-Sinhala Dictionary&file_size=&product_title=Madura English-Sinhala Dictionary&installer_file_name=Madura English-Sinhala Dictionary&product_download_url=http://www.maduraonline.com/.../madura.exe&locale=FR (madura english-sinhala dictionary.exe)

9 / 68 (PUP)

http://masternal.com/v20058?product_name=Dj_tiesto_Titanic_remix_Dj_Titanic.mp3&file_size=&product_title=Dj tiesto - Titanic remix (Dj Titanic)&installer_file_name=Dj_tiesto_Titanic_remix_Dj_Titanic.mp3&product_file_name=Dj_tiesto_Titanic_remix_Dj_Titanic.mp3&product_download_url=http://static.convertonmp3.com/downloads/87/.../Dj_tiesto_Titanic_remix_Dj_Titanic.mp3?h=Ent0xys6VcAd2ADfCrKh-A&e=1423452662 (dj_tiesto_titanic_remix_dj_titanic.mp3.exe)

1 / 68 (Malware)

http://masternal.com/v21105?product_name=Clash of Clans&filesize=3&product_title=Clash of Clans&installer_file_name=Clash of Clans&Product_File_Name=Clash of Clans.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX (d282e7f956f23396f01308e70465d4a0)

1 / 68 (Malware)

http://masternal.com/v22597?product_name=Snapchat&file_size=&product_title=Snapchat&installer_file_name=Snapchat&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX (snapchat.exe)

21 / 68 (PUP)

http://masternal.com/v20059?product_name=Wheel_of_Time_TV_pilot_Winter_Dragon.mp4&file_size=&product_title=Wheel of Time TV pilot: "Winter Dragon"&installer_file_name=Wheel_of_Time_TV_pilot_Winter_Dragon.mp4&product_file_name=Wheel_of_Time_TV_pilot_Winter_Dragon.mp4&product_download_url=http://youtubemp4s.com/downloads/.../2197788?h=LSMQijbpoiPwal1rRpmy0A&e=1423529096 (wheel_of_time_tv_pilot_winter_dragon.mp4.exe)

23 / 68 (PUP)

http://masternal.com/v2921?product_name=???? ???? ?????? ??? ??????? - Surat Yusuf Saad el ghamdi.mp4&filesize=1mb&product_title=???? ???? ?????? ??? ??????? - Surat Yusuf Saad el ghamdi.mp4&installer_file_name=???? ???? ?????? ??? ??????? - Surat Yusuf Saad el ghamdi.mp4&product_file_name=???? ???? ?????? ??? ??????? - Surat Yusuf Saad el ghamdi.mp4&product_download_url=http://srv41.clipconverter.cc/download/.../سورة يوسف القارئ سعد الغامدي - Surat Yusuf Saad el ghamdi.mp4 (- surat yusuf saad el ghamdi.mp4.exe)

24 / 68 (PUP)

http://masternal.com/v2921?product_name=24 Hours After - Hiroshiima.mp4&filesize=1mb&product_title=24 Hours After - Hiroshiima.mp4&installer_file_name=24 Hours After - Hiroshiima.mp4&product_file_name=24 Hours After - Hiroshiima.mp4&product_download_url=http://srv40.clipconverter.cc/download/.../24 Hours After - Hiroshiima.mp4 (24 hours after - hiroshiima.mp4.exe)

21 / 68 (PUP)

http://masternal.com/v2921?product_name=24 Hours After Hiroshima. Full Documentary..mp4&filesize=1mb&product_title=24 Hours After Hiroshima. Full Documentary..mp4&installer_file_name=24 Hours After Hiroshima. Full Documentary..mp4&product_file_name=24 Hours After Hiroshima. Full Documentary..mp4&product_download_url=https://r16---sn-2gb7ln7l.googlevideo.com/.../mp4&ipbits=0&initcwndbps=1577500&requiressl=yes&dur=2974.220&source=youtube&fexp=907263,912151,917000,927622,934947,934954,9405987,943917,947225,948124,948703,950500,952302,952605,952612,952901,955301,957201,959701&key=yt5&signature=0814BAD92F2EAF28C01D07531A1A9BFCD588788A.F53FF94E52EBFA2176EC29DD93175E7B1A3D6C68&expire=1424114515&upn=jhyE-NrjCAM&sver=3&itag=22&ratebypass=yes&ip=2001:41d0:1:6118:8d3c:aa83:2687:a5b0&pl=48&mv=m&mt=1424092735&ms=au&mm=31&id=o-AJbGAEuG3q6uaVbGW96s5nw5sclxRyUqz_VFKdKxy_Nk&&title=24 (24 hours after hiroshima. full documentary..mp4.exe)

26 / 68 (PUP)

http://masternal.com/v21117?product_name=Snapseed&file_size=&product_title=Snapseed&installer_file_name=Snapseed&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX (snapseed.exe)

26 / 68 (PUP)

http://masternal.com/v22597?product_name=WhatsApp&file_size=&product_title=WhatsApp&installer_file_name=WhatsApp&product_download_url=http://.../getandy.php&locale=XX (whatsapp.exe)

17 / 68 (PUP)

http://masternal.com/v22597?product_name=WhatsApp&file_size=&product_title=WhatsApp&installer_file_name=WhatsApp&product_download_url=http://.../getandy.php&locale=XX (whatsapp.exe)

22 / 68 (PUP)

http://masternal.com/v95?product_name=GillSans Font&product_title=GillSans Font&installer_file_name=gillsans_ufonts.com&product_file_name=gillsans.ttf&product_download_url=http://.../xjc?d951853 (gillsans_ufonts.com.exe)

17 / 68 (PUP)

http://masternal.com/v21735?product_name=SHAREit for PC&filesize=2&product_title=SHAREit for PC&installer_file_name=SHAREit for PC&product_file_name=SHAREit for PC.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=EN (b1bd3d20357df89e698e0bb5f21b3b00)

16 / 68 (PUP)

Latest 30 of 30 download URLs

The following 32 files have been seen to comunicate with masternal.com in live environments.

TCP » 70.32.1.32:80

trusted saver-updater.exe (Trusted Saver)

TCP » 70.32.1.32:80

ea778645-acd3-4ff9-b713-d5fa4ab4ed81-7.exe (OMG-Music+_05 by BND_C)

TCP » 70.32.1.32:80

3006.exe (CinemaPlus-4.5vV28.05 by Cinema PlusV28.05)

TCP » 70.32.1.32:80

945c0e10-1e56-4743-9d6c-14d08bdeed9b-1-7.exe (App Lid by Lid)

TCP » 70.32.1.32:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 70.32.1.32:80

1975.exe (CinemaPlus-3.2cV26.05 by Cinema PlusV26.05)

TCP » 70.32.1.32:80

plus-hd-2.3-updater.exe (Plus-HD-2.3 by Plus HD)

TCP » 70.32.1.32:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 70.32.1.32:80

Traffic Exchange Updater.exe (Traffic Exchange by Microleaves)

TCP » 70.32.1.32:80

hdvid codec v1-updater.exe (HDvid Codec V1 by installdaddy)

TCP » 70.32.1.32:80

6ed2b960-c61c-44c2-a90e-f4d0681bb4fb-1-7.exe (CinemaPlus-3.2cV25.05 by Cinema PlusV25.05)

TCP » 70.32.1.32:443

vosteran.exe

TCP » 70.32.1.32:80

plus-hd-2.6-updater.exe (Plus-HD-2.6 by Plus HD)

TCP » 70.32.1.32:80

7pm tech - w8 aio tool 1.1.0.1.exe (7pm Tech - W8 AIO Tool by 7pm Tech)

TCP » 54.69.104.255:80

tmp781a.tmp

TCP » 54.69.104.255:80

tmp5600.tmp

TCP » 54.69.104.255:80

tmp61f7.tmp

TCP » 70.32.1.32:80

plus-hd-2.2-chromeinstaller.exe (Plus-HD-2.2 by Plus HD)

TCP » 70.32.1.32:80

1038.exe (SavePass 1.1 by OB)

TCP » 70.32.1.32:80

5dec1504-22f9-4360-a193-ddafd030c991-1-7.exe (CinemaPlus-3.2cV26.05 by Cinema PlusV26.05)

Latest 20 of 33 files

URL:

http://masternal.com/

Web server:

ngx_openresty (PHP/5.4.37)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.