home

flvrunner.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain flvrunner.com is registered by proxy through GODADDY.COM, LLC and was originally registered in April of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the GigeNET network.
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Wednesday, April 4, 2012

Expires date:
Monday, April 4, 2016

Updated date:
Tuesday, April 30, 2013

Whois:
1 flvrunner.com record

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Conduit.Q, PUP.Conduit.T, PUP.4218.Conduit.N, PUP.4203.Conduit.M, PUP.conduitinstaller.Conduit.Y, PUP.4327.Conduit.N, PUP.Conduit.Bundler (M), Win32.Generic, PUP.Softpulse (M)
97.96%

Dr.Web
Adware.Conduit.6, Adware.BGuard.15, Adware.Downware.1237, Adware.Conduit.3
24.49%

Malwarebytes
PUP.Optional.Conduit.A
20.41%

VIPRE Antivirus
Conduit
20.41%

ESET NOD32
Win32/Toolbar.Conduit, Win32/Wajam (variant), Win32/OpenCandy, Win32/Toolbar.Conduit.AE (variant), Win32/Toolbar.Conduit.AJ (variant)
16.33%

Panda Antivirus
Adware/Conduit, PUP/Conduit.A
10.20%

SUPERAntiSpyware
Adware.Conduit/Variant
10.20%

Trend Micro House Call
TROJ_GEN.F47V0127, TROJ_GEN.F47V0102, TROJ_GEN.F47V0613, TROJ_GEN.F47V0911
8.16%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
6.12%

Boost by Reason
Adware.Conduit.Q
4.08%

herdProtect (fuzzy)
a variant of 1dc08d3d16d0fea70e55579219369411c99e00b4, a variant of fc850be0cdd6e3625c60df9068b94cf2c00350eb
4.08%

K7 AntiVirus
Unwanted-Program
4.08%

NANO AntiVirus
Riskware.Win32.BGuard.csnycu, Trojan.Win32.WebToolbar.dmqirt
4.08%

Kaspersky
not-a-virus:WebToolbar.JS.Condonit, not-a-virus:WebToolbar.Win32.Agent
4.08%

G Data
Win32.Adware.Conduit
4.08%

The domain flvrunner.com has been seen to resolve to the following 7 IP addresses.

69.39.236.56
ip-69.39.236.56.hosted.by.gigenet.com
June 5, 2016

172.99.89.194
May 31, 2016

172.99.89.213
May 27, 2016

50.63.202.40
ip-50-63-202-40.ip.secureserver.net
April 9, 2016

66.228.121.142
66.228.121.142-static.reverse.softlayer.com
July 26, 2015

184.173.251.168
184.173.251.168-static.reverse.softlayer.com
February 6, 2014

184.173.131.159
184.173.131.159-static.reverse.softlayer.com
February 6, 2014

File downloads found at URLs served by flvrunner.com.

1 / 68      (PUP)
http://flvrunner.com/.../download_fr.php  (fileconverter_1.5.exe)

1 / 68      (Adware)
http://flvrunner.com/.../download_pt.php  (setup.exe)

1 / 68      (PUP)
http://flvrunner.com/.../download_de.php  (fileconverter_1.3.exe)

1 / 68      (PUP)
http://flvrunner.com/.../download_du.php  (tb_fileconverter_1.4_b2.exe)

1 / 68      (PUP)
http://flvrunner.com/.../download.php  (flv_runner_b2.exe)

1 / 68      (PUP)
http://flvrunner.com/.../download_sw.php  (fileconverter_1.6.exe)

7 / 68      (PUP)
http://flvrunner.com/.../download_es.php  (fileconverter_1.2.exe)

9 / 68      (PUP)
http://flvrunner.com/.../downloadsp.php  (flvplayer_tsv34bdqg.exe)

The following 442 files have been seen to comunicate with flvrunner.com in live environments.

TCP » 69.39.236.56:80
globalupdate.exe (globalUpdate Update by globalUpdate)

TCP » 50.63.202.40:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 69.39.236.56:8888
popdeals.exe (Today)

TCP » 69.39.236.56:80
9fe7cfbf-5cc9-4391-a512-8a764fd807c3-1-7.exe (CinemaPlus-3.2cV20.05 by Cinema PlusV20.05)

TCP » 69.39.236.56:80
9fe7cfbf-5cc9-4391-a512-8a764fd807c3-5.exe (CinemaPlus-3.2cV20.05 by Cinema PlusV20.05)

TCP » 69.39.236.56:80
1573.exe (SavePass 1.1 by OB)

TCP » 69.39.236.56:80
9fe7cfbf-5cc9-4391-a512-8a764fd807c3-3.exe (CinemaPlus-3.2cV20.05 by Cinema PlusV20.05)

TCP » 69.39.236.56:80
6054.exe (SavePass 1.1 by OB)

TCP » 69.39.236.56:80
5dfde4f5-80af-4a98-8da4-e95b948f183d-10.exe (Ge-Force by Webar)

TCP » 69.39.236.56:80
a4bc936c-5e01-43ed-9315-bef9a4ae2675-10.exe (SavePass 1.1 by OB)

TCP » 50.63.202.40:80
2c79909a-0790-4040-a366-a60e83b2a157-10.exe (MediaPlayersvideos 1.1 by Enter)

TCP » 69.39.236.56:80
pricehorse.exe (by Pay By Ads)

TCP » 69.39.236.56:80
tbhcn.exe (tcbhn by Blabbers Communications)

TCP » 69.39.236.56:80
d488e0ef-38ce-4f88-bb4a-7a53ee6d0463-1-7.exe (CinemaPlus-4.5vV22.05 by Cinema PlusV22.05)

TCP » 69.39.236.56:80
dailybee.exe

TCP » 69.39.236.56:80
024a6571-2a4e-4467-b299-604f4b85d0bf-7.exe (CinemaPlus-4.5vV23.05 by Cinema PlusV23.05)

TCP » 69.39.236.56:80
avast.exe

TCP » 69.39.236.56:80
shopwit.exe (by Pay By Ads)

TCP » 50.63.202.40:80
mediaplayersvideos 1.1-codedownloader.exe (MediaPlayersvideos 1.1 by Enter)

TCP » 69.39.236.56:80
72adc4fb-6293-4a4b-a6cc-4fa0a475afe3-1-7.exe (CinemaPlus-3.2cV21.05 by Cinema PlusV21.05)

 
Latest 20 of 456 files

URL:
http://flvrunner.com/

Title:
“Download Now”

Description:
“Free Video Converter Add-on”

Web server:
nginx/1.5.0 (PHP/5.3.29)

Facebook:
Likes:  671,064
Shares:  80
Comments:  3,052

Compete.com:
US visitors:  467,373

Statistics above are for the previous month of March 2024.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.