home

qsoh.gamesflight.com

Moniker Online Services LLC (DONE ACCOUNT)

Domain Information

The domain qsoh.gamesflight.com registered by Moniker Online Services LLC (DONE ACCOUNT) was initially registered in April of 2015 through Moniker Online Services. Currently this domain has been known to host various forms of malware. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
Moniker Online Services

Server location:
Bayern, Germany (DE)

Create date:
Wednesday, April 1, 2015

Expires date:
Saturday, April 1, 2017

Updated date:
Wednesday, April 6, 2016

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Root domain:
gamesflight.com

Whois:
2 gamesflight.com records

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP (M), PUP.GamesFli.Installer (M)
100.00%

The domain qsoh.gamesflight.com has been seen to resolve to the following 5 IP addresses.

74.120.16.179
September 1, 2016

54.235.159.97
ec2-54-235-159-97.compute-1.amazonaws.com
June 23, 2016

144.76.0.242
static.242.0.76.144.clients.your-server.de
April 6, 2016

144.76.1.130
static.130.1.76.144.clients.your-server.de
April 6, 2016

209.59.182.44
November 10, 2015

File downloads found at URLs served by qsoh.gamesflight.com.

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTE2NDE0MjU4NjnboUUqDbSzw93 Igg/22CzVB4t97xpKrMOXjmxPva2dBwKrEWiEVQ/.../36w6cZ4JzgAbSZmGkI lQSii66ZeipFx jZEbBJXPClvnkqBGNL9RM=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTMxNzU4ODc0ODHboUUqDbSzw93 Igg/22Cz4VkSPsRNsf4nm3W10Jf7 ud OZwjZniNjmn2Gt/.../43tp 5uikVvL1PImdjl4is4X2cbjr1CgS1F3bQlEKwXIT9uMlbI=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTE5OTE4NDg4MTLboUUqDbSzw93 Igg/.../M9ekAii2oYLEdQ1orTuHitGzGSxbiVtJfHtvKS7pTP4giPlr6g==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTMzMjY4ODMzMzfboUUqDbSzw93 Igg/22Cz4VkSPsRNsf7tEbT9kRERCakulirNSvk/MAPlWUMnaGWA5iPstYfGdTL1wsmL1pwuQZA/.../slvdq3sxFr58dY72UAqGx6GlocG07npTP4giPlr6g==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTIxNjIwNDUzMjPboUUqDbSzw93 Igg/.../vEZgcMuwxkWVN6VHk7oqK7IQTXLWbfn4rP9Ex6PpdFVzY1UswcXdf3KrXlkFwVXGPXDelSjuW6lfNHVRP7ZAUv9I=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTI2ODQzNjc3NTfboUUqDbSzw93 Igg/22Cz4VkSPsRNsf7tV4UnfDhro3qflpfsEaAIUbu/.../3pTP4giPlr6g==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTE3NjQ1Njk3ODbboUUqDbSzw93 Igg/.../jR0UWyAyGoKYdOnClanrUEFZU3Tkf6xzh5udUBCBzPrtidxSB2Prhy5nzDMMY5xW9M81kRikmN7oCh4 ZcFZWppUOlST2zpTP4giPlr6g==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTEwMzYxMzcxNDnboUUqDbSzw93 Igg/22Cz2BlitKkcAwl8bBmIldQe8Zax9elcpRZQeFlhXUaS/LcbOnf7jFFq//.../M7ng=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTIyMjk4MDgyMznboUUqDbSzw93 Igg/.../Loo0As9cvOok OFuR xzh5udUBCB6d5h0oXKNiPbqDnrjxPbn fSFtTKGsqNP4KPPVj9yB6lpd2Hl146Vs=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/.../22Cz2BlitKkcAwmf n49p4Vky2JsJZ8jnsIOX4Zw6LboQw2xzh5udUBCB4TQwnm9VqaUPZxmATJdIDI1JUdgR3gvdhGcHRHPmOXRw9Am05 NcpY=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=OTY3MzAwMDI3OduhRSoNtLPD3f4iCD/bYLNSsjAObVJFKYdw hYiNuRdEig/5kmJd0XSQzByVVbAThs6d/.../U7xGAbaAevMOJVxObqRDuyFsw B5oWaRJO7dpMtiRnp6glhEHUjYDQ==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/.../22CzUrIwDm1SRSmp8n81CdGOmFRoe7s0AWJvdOq6p42xwySxzh5udUBCB9SdaT2IWT3m6tp FYNO CI1yVYZcBCkU47OXRZSgmwT1jImgJgBrxs=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/.../22CzUrIwDm1SRSkTN66x1k8JujQNMOq4iS23LteQSbXbbZkTXLWbfn4rP54s6TVImmlS6owHly4ndNzLs1uz2eAk YCjQEmxs7thXvJQ815akdM=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/.../22Cz2BlitKkcAwllagYkTfXKLjW7cwYKv2U8gXHbYJzUDNsTXLWbfn4rP4qJejyMGZgO11RfWls21lTZ4MGjjLV puIcTOEo oHOhoLrMciH HM=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/.../22Cz4VkSPsRNsf7vkOq7kLmMwO1sLWXPI0cOGmf89kmnZY6xzh5udUBCB05gqdmqfY 5AKANAZmL0welMqKL5vtKJW7RcVsnRkxltwRI7G8YCwU=  (gamesflightgames.exe)

1 / 68      (PUP)
http://qsoh.gamesflight.com/flight/setup.php?ss=OTU4OTExNTMyMtuhRSoNtLPD3f4iCD/bYLPhWRI xE2x/uAXCbuZIqjV51kpxOvF4/.../DA9njCRGi0oEH9JXnpJOzL3gTvjKFM KbO9Ont4PXFiEqXK1 wjFPQ==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTI1NTIzNzgwODPboUUqDbSzw93 Igg/22Cz4VkSPsRNsf5zkIHxHREj7GT/.../tBw LdTwaLvjYnzijhKGWBmn19n3Xyy4lbGUEOUHnheNebm2tzF3LvSBX6yura8gC5H59M8vrERSnKw=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=OTgxNzExNDE3N9uhRSoNtLPD3f4iCD/bYLM4SsXzxIgkTYzkadfb/Q18VuyjACA45sTuaOZASXqVvRNctZt fis/.../cosjsORIWyYPCgwVSw==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/.../setup.php?ss=YTI4NTM1MTU4MjLboUUqDbSzw5VZ6C2AjfX2M6JBn7sxOHJ4VMJvier0T Vfn1WhjbsggnX xt64BdJptcNbVBjWfjX1JyC12gf9U1xAvFndxhU3DcSS9RaqUZgEt3nBZZnuH24jfev gjw=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTEzMzM2NzAxNjXboUUqDbSzw93 Igg/.../UWH1fz951xllrlv wqGwkYDwHnEclT5qnLk=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTMwNTU5NTU2NTbboUUqDbSzw93 Igg/22CzUrIwDm1SRSn9IpE102AB1/.../QnqM=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=OTI0MzU0MzkyNNuhRSoNtLPD3f4iCD/bYLPhWRI xE2x/p0YlG4cCLWSb1IubSw6zliOvpj/.../ygI9h7G ywi3VQNRjkSUArcnInTIi8mg==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=OTQ1NzQ1MzU2MtuhRSoNtLPD3f4iCD/bYLPhWRI xE2x/.../wa8FxrbYlIcKBy5RSSr7uV1BClwvDcv3CZT94Yw==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTI3NDQzMzE2OTjboUUqDbSzw93 Igg/22Cz4VkSPsRNsf6nQ25SScUnk10XZsF0JDwherG7F2aYd8/ijhKGWBmn10ORtwnJ2JlGERO9OSkzMDdJX2E/.../a2c=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=OTIxNTgyMTk3MNuhRSoNtLPD3f4iCD/.../qiKlKCsSAd2uFVzMKpotky9P4dHs ioTuKOEoZYGafXQ5G3CcnYmUYRE705KTMwN4d7kDvFJqRArK6tryALkfn7xmNphpNUFA==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTM0Mjk0NDY4NDnboUUqDbSzw93 Igg/22CzUrIwDm1SRSl6/E239Xjc9UbhkJ/.../W8TU8KJf0USFe8t1FyCyHhbnt66CIIDY0DCP MEsz3pTP4giPlr6g==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTE2NjM0NDY5NzXboUUqDbSzw93 Igg/.../4kr8vRiCO1Vipg7FjqD1dzEApzvXdUUO3xF9xHOHCIhcCN13GLKXG8=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTMwOTY2NTU0ODTboUUqDbSzw93 Igg/.../EmD8yrpTP4giPlr6g==  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTE3MDU0NTUwNzLboUUqDbSzw93 Igg/22CzUrIwDm1SRSnHHuWf7qHKuZs9KBaKuB5NkRARc3VcPQUTXLWbfn4rPyyHHdrVeOL5clV9VAh29v/.../XRhcCBlIed1Ix2Ov4Y14n7R7 cU=  (gamesflightgames.exe)

1 / 68      (Malware)
http://qsoh.gamesflight.com/flight/setup.php?ss=YTI0MjQ1MTc0NzLboUUqDbSzw93 Igg/22Cz4VkSPsRNsf4RuLMW2/.../2nxQKf4UN9gu7Bl1VGyr9hA6QzVNmQ=  (gamesflightgames.exe)

 
Latest 30 of 2,782 download URLs

The following 25 files have been seen to comunicate with qsoh.gamesflight.com in live environments.

TCP » 144.76.0.242:80
jingling.exe

TCP » 144.76.0.242:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 144.76.0.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 144.76.0.242:80
setupv.exe (project1 by Microsoft)

TCP » 144.76.1.130:443
apptrailers.exe

TCP » 144.76.0.242:443
online-guardian-v2.0.9.exe

TCP » 144.76.0.242:80
AdxEngine.exe (MPC AdCleaner by DotC United Inc)

TCP » 144.76.0.242:80
microsoft toolkit 2.6.6__9465_il667.exe

TCP » 144.76.1.130:80
microsoft toolkit 2.6.6__9465_il667.exe

TCP » 144.76.0.242:80
kmspico10.2.1__8174_il55.exe

TCP » 144.76.0.242:25
init.exe

TCP » 144.76.0.242:80
UCBrowser.exe (by UCWeb)

TCP » 144.76.1.130:80
kdlink32.exe (KDLink by QuestPRO Software)

TCP » 144.76.0.242:80
setup__2140_il20839.exe (arsenal by Emirates)

TCP » 144.76.0.242:80
kmspico10.2.1__11516_il55.exe

TCP » 144.76.0.242:80
windowsupdatekb12695__7428_il1.exe

TCP » 144.76.0.242:80
setup__15200_i1936892346_il29444.exe

TCP » 144.76.1.130:80
setup__2140_il20839.exe (arsenal by Emirates)

TCP » 144.76.1.130:80
kmspico10.2.1__11516_il55.exe

TCP » 144.76.1.130:80
windowsupdatekb12695__7428_il1.exe

 
Latest 20 of 31 files

URL:
http://qsoh.gamesflight.com/

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.