home

trackmms.galatools.xyz

Domain Information

Server location:
California, United States (US)

ASN:
AS14061 DIGITALOCEAN-ASN - Digital Ocean, Inc., US

Root domain:
galatools.xyz

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Vittalia (M)
100.00%

The domain trackmms.galatools.xyz has been seen to resolve to the following IP address.

159.203.253.236
fd-04-do-w-sf-1.gtdlrfwd.com
September 2, 2016

File downloads found at URLs served by trackmms.galatools.xyz.

1 / 68      (PUP)
http://trackmms.galatools.xyz/v2/click/n7zkjpqi/?d=http://.../FREE_STARCOINS_AND_DIAMONDS_ON_MSP.zip&key=e4df38d2271a090e0bb49836ede2c1cac437345ffe3ed32638230b50abf73d71&sid=MOVIESTAR PLANET&uid=&affiliate_image=http://.../32x32msp.png&product_image=http://.../moviestarplanet.png&n=MOVIESTAR PLANET&filename=MOVIESTAR PLANET  (moviestar planet.exe)

The following 32 files have been seen to comunicate with trackmms.galatools.xyz in live environments.

TCP » 159.203.253.236:80
setup.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
setup_imgburn_2.5.8.0_download.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
kik for computer setup-efb5180a561c2ec1.exe

TCP » 159.203.253.236:80
setup.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
mpc-hc.1.7.10.x86_download.exe (Media Player Classic HomeCinema Edition by Software Assistant)

TCP » 159.203.253.236:80
setupimgburn_2.5.8.0_installer.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
setup.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
microsoft toolkit-4f2c4058580128b8.exe

TCP » 159.203.253.236:80
setup.exe (Chrome by Software Assistant)

TCP » 159.203.253.236:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 159.203.253.236:80
chrome setup.exe (Chrome by Software Assistant)

TCP » 159.203.253.236:80
setup.exe (Minecraft by Software Assistant)

TCP » 159.203.253.236:80
n.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 159.203.253.236:80
setup.exe (FIFA 15 by Software Assistant)

TCP » 159.203.253.236:80
setup.exe (Chrome by Software Assistant)

TCP » 159.203.253.236:80
setup.exe (ImgBurn by Software Assistant)

TCP » 159.203.253.236:80
extreme injector.exe (Extreme Injector v3.6 by Software Assistant)

TCP » 159.203.253.236:80
the forest setup.exe (The Forest by Software Assistant)

TCP » 159.203.253.236:80
setup.exe (File Downloader by Software Assistant)

 
Latest 20 of 33 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.