cppasswordfinder.pbworks.com

Martin Bogomolni

Domain Information

The domain cppasswordfinder.pbworks.com, registered by Martin Bogomolni, was initially registered in November of 2006 through CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM. This domain is currently known to host various forms of malware. The hosting servers are located in San Francisco, California, United States, on the GoGrid, LLC network.

Registrar:
CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM

Server location:
California, United States (US)

Create date:
Monday, November 13, 2006

Expires date:
Sunday, November 13, 2016

Updated date:
Monday, October 6, 2014

ASN:
AS26228 SERVEPATH - GoGrid, LLC,US

Root domain:

Scanner detections:
Malware distribution (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Malwarebytes | HackTool.Agent.Gen | 100.00% |
| K7 AntiVirus | Riskware | 100.00% |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 100.00% |
| VIPRE Antivirus | Trojan.Win32.Generic | 100.00% |
| Avira AntiVirus | TR/Rogue.1407030 | 100.00% |
| SUPERAntiSpyware | Trojan.Agent/Gen-BKHN | 100.00% |
| McAfee | Artemis!123F7A5EF921 | 100.00% |
| Baidu Antivirus | Hacktool.Win32.Agent | 100.00% |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 100.00% |
| IKARUS anti.virus | Trojan-PWS.Win32.OnLineGames | 100.00% |
| AVG | PSW.OnlineGames4 | 100.00% |
| Qihoo 360 Security | Win32/Virus.RiskTool.4ac | 100.00% |

The domain cppasswordfinder.pbworks.com has been seen to resolve to the following 2 IP addresses.

pbworks.com
April 16, 2016

pbworks.com
April 16, 2016

File downloads found at URLs served by cppasswordfinder.pbworks.com.

12 / 68    (Malware)

The following 4 files have been seen to communicate with cppasswordfinder.pbworks.com in live environments.

URL:
http://cppasswordfinder.pbworks.com/

Google Analytics:
UA-2694787

Title:
“CP Password Finder [licensed for non-commercial use only] / Cp Hack”

SSL certificate subject:
CN=*.pbworks.com, OU=PremiumSSL Wildcard, O=PBworks, STREET=1 Waters Park Drive, L=San Mateo, S=California, PostalCode=94403, C=US

SSL certificate issuer:
CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx/0.7.67