» data.phpnuke.org
Overview
Analysis
IPs Addresses (1)
Downloads (26)
Network (2)
Website Detail
Related Domains (7)

data.phpnuke.org

Domains By Proxy, LLC (Proxy Registrant)

Domain Information

The domain data.phpnuke.org is registered by proxy through GoDaddy.com, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network.

Registrant:

Domains By Proxy, LLC

Registrar:

GoDaddy.com, LLC

Server location:

Quebec, Canada (CA)

Root domain:

phpnuke.org

Whois:

3 phpnuke.org records

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Installer.BREEINTERNET, PUP.InffinityInternetSL.N, PUP.SILICOMINTERNETSL.M, Threat.Installer.InffinityInternet, PUP.BREEINTERNET.Installer (M), PUP.MAFERINTERNET.Installer (M), PUP.Inffinity.InffinityInternet.Installer (M), PUP.Inffinity.Installer (M), PUP.InstallCore.Installer.Meta (M), PUP.MAFERINT.Installer (M), PUP.BREEINTE.Installer (M), PUP (M)

100.00%

Dr.Web

Adware.Downware.1036

8.00%

Trend Micro House Call

TROJ_GEN.F47V0825, TROJ_GEN.F47V0407

8.00%

VIPRE Antivirus

Threat.4150696

4.00%

avast!

Installer-Z [PUP]

4.00%

Avira AntiVirus

ADWARE/Adware.Gen

4.00%

ESET NOD32

Win32/Toggle

4.00%

AVG

Toolbar.Babylon

4.00%

Bitdefender

Application.Downloader.QJ

4.00%

F-Secure

Application.Downloader.QJ

4.00%

Emsisoft Anti-Malware

Application.Downloader.QJ

4.00%

G Data

Application.Downloader.QJ

4.00%

herdProtect (fuzzy)

a variant of 2d02221c89951f4f758bec67ac442cde9bf3929a

4.00%

The domain data.phpnuke.org has been seen to resolve to the following IP address.

198.50.173.223

downloads.phpnuke.org

May 1, 2014

File downloads found at URLs served by data.phpnuke.org.

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Counter-Strike.htm?lang=es&country=ar&sign=f418fcbe (counterstrike.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Driver_Canon_LBP-1210.htm?lang=en&country=vn&sign=c21a9ae4 (driver_canon_lbp1210.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Age_of_Empires_III_The_Asian_Dynasties.htm?lang=en&country=mx&sign=a8e11549 ({blocked}.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Hamsterball.htm?lang=en&country=my&sign=a482ae1a (hamsterball.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Skype.htm?lang=en&country=eg&sign=a75eaa6d (skype.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Adobe_Photoshop_CS6.htm?lang=en&country=il&sign=2b982d99 (adobe_photoshop_cs6.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Ulead_VideoStudio_Plus.htm?lang=fr&country=tn&sign=e9846a66 (ulead_videostudio_plus.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Virtual_DJ_Home.htm?lang=en&country=uy&sign=673b2174 (virtual_dj_home.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Nokia_Ovi_Suite.htm?lang=es&country=ar&sign=eaaaa22b (nokia_ovi_suite.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Sound_Forge.htm?lang=en&country=il&sign=f5be8ee9 (sound_forge.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Medieval_II_Total_War.htm?lang=en&country=th&sign=69c791ce (medieval_ii_total_war.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Nero_ShowTime.htm?lang=en&country=in&sign=8975bea8 (nero_showtime.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Adobe_Photoshop.htm?lang=en&country=hr&sign=d2c9933a (adobe_photoshop.exe)

1 / 68 (PUP)

http://data.phpnuke.org/lv/software/downloadf/.../My_tribe.htm?lang=en&country=bs&sign=48091c2c (my_tribe.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../7-Zip_File_Manager.htm?lang=en&country=pl&sign=835f9c03 (7zip_file_manager.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../GTA_San_Andreas_Zombie_Alarm_Mod.htm?lang=en&country=ro&sign=4c9b35ca (gta_san_andreas_zombie_alarm_mod.exe)

2 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Windows_Live_Messenger.htm?lang=it&country=it&sign=ee0c9c8d (uexphm0a.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Adobe_Photoshop_CS6.htm?lang=en&country=in&sign=b2fb8046 (adobe_photoshop_cs6.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Cinema_4d.htm?lang=es&country=mx&sign=e300d74d (cinema_4d.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Photoscape.htm?lang=it&country=it&sign=3387a48f (photoscape.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../The_Sims.htm?lang=en&country=us&sign=9178e9b5 (the_sims.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Grand_Theft_Auto_San_Andreas_Patch.htm?lang=fr&country=tn&sign=0cd3015f (grand_theft_auto_san_andreas_patch.exe)

8 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Minecraft.htm?lang=en&country=us&sign=3679ebc2 (minecraft.exe)

2 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Windows_Live_Messenger.htm?lang=nl&country=be&sign=6cc039f4 (uexphm0a.exe)

7 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../Counter-Strike.htm?lang=en&country=gr&sign=400fdb06 (counterstrike.exe)

1 / 68 (Adware)

http://data.phpnuke.org/lv/software/downloadf/.../The_Sims_2_Patch.htm?lang=en&country=dk&sign=daa081ee (the_sims_2_patch.exe)

The following 2 files have been seen to comunicate with data.phpnuke.org in live environments.

TCP » 198.50.173.223:443

browser.exe (Browser)

TCP » 198.50.173.223:443

1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

URL:

http://data.phpnuke.org/

Google Analytics:

UA-15728026

Title:

“Phpnuke Programs - (Free) download library”

SSL certificate subject:

CN=*.phpnuke.org, OU=Domain Control Validated

SSL certificate issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:

nginx

Related Domains

benjaminstrahs.com

downius.com

downloadshareware.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.