home

google.pl

Domain Information

Server location:
California, United States (US)

ASN:
AS15169 GOOGLE - Google Inc.,US

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

Dr.Web
Win32.Sector.30
50.00%

F-Prot
W32/Virut.AI!Generic
50.00%

VIPRE Antivirus
Threat.4819585
50.00%

avast!
Win32:Sality-GR
50.00%

McAfee
Virus.W32/Sality.gen.z
50.00%

Kaspersky
Trojan-Ransom.Win32.Blocker
50.00%

AVG
Win32/Sality
50.00%

ESET NOD32
Win32/Sality.NDR virus
50.00%

Norman
Win32.Sality.4
50.00%

Sophos
Virus 'Mal/Sality-E'
50.00%

Reason Heuristics
PUP.Adknowledge.Fileange.Bundler (M)
50.00%

The domain google.pl has been seen to resolve to the following 14 IP addresses.

172.217.4.35
lga15s46-in-f3.1e100.net
September 13, 2016

172.217.1.3
iad23s25-in-f3.1e100.net
July 8, 2016

216.58.217.67
iad23s41-in-f3.1e100.net
June 23, 2016

172.217.1.195
iad23s26-in-f3.1e100.net
June 18, 2016

216.58.195.131
iad23s24-in-f3.1e100.net
May 31, 2016

216.58.217.163
iad23s44-in-f3.1e100.net
May 16, 2016

172.217.2.195
iad23s23-in-f3.1e100.net
April 16, 2016

172.217.1.67
lga15s44-in-f3.1e100.net
April 2, 2016

74.125.29.94
qg-in-f94.1e100.net
February 26, 2016

74.125.228.216
iad23s23-in-f24.1e100.net
February 26, 2016

74.125.228.215
iad23s23-in-f23.1e100.net
February 26, 2016

74.125.228.207
iad23s23-in-f15.1e100.net
February 26, 2016

74.125.228.223
iad23s23-in-f31.1e100.net
February 26, 2016

74.125.22.94
qh-in-f94.1e100.net
February 16, 2016

File downloads found at URLs served by google.pl.

1 / 68      (Adware)
http://google.pl/setup.exe  (7d1b839f78e0f41f4bac84050174827e)

0 / 68
http://google.pl/internet.exe  (0bc23f21dd05c7cca357ac74aac44f4c)

10 / 68    (Malware)
http://google.pl/ChromeSetup.exe  (a78e50b78b6bb9598e0960db0d439deb)

The following 16 files have been seen to comunicate with google.pl in live environments.

TCP » 172.217.1.195:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 172.217.1.67:443
browser.exe (Speed Browser by Smart Applications)

TCP » 172.217.1.67:80
browser.exe (Browser)

TCP » 172.217.4.35:443
browser.exe (Speed Browser by Long Mile Solutions)

TCP » 172.217.4.35:443
catwsprx.exe (CatWSPrx.exe by Catalytix Web Services)

TCP » 172.217.4.35:443
browser.exe (Speed Browser by Smart Applications)

TCP » 216.58.217.163:443
Toolbar.exe (Toolbar Core by APN)

TCP » 216.58.217.67:443
netman.exe

TCP » 216.58.217.67:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 216.58.217.67:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 216.58.217.67:443
cdhtr.exe

TCP » 216.58.217.67:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 74.125.22.94:443
LookThisUp.exe (LookThisUp)

TCP » 74.125.22.94:80
Explore.exe (Chromium by The Chromium Authors)

TCP » 74.125.22.94:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 74.125.228.207:443
browser.exe (Yandex by YANDEX)

TCP » 74.125.228.207:443
mbot_ca_499.exe

TCP » 74.125.29.94:443
HD-Network.exe (BlueStacks by BlueStack Systems)

TCP » 74.125.29.94:443
PastaLeadsService.exe (PastaLeadsService)

May 20, 2016
books.google.pl

May 28, 2016
translate.google.pl

February 16, 2016
www.google.pl

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.