netuksetsetnews.info

NirCohen c/o Dynadot Privacy

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Phoenix, Arizona, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that utilizes a number of reverse proxy IP addresses (see below).

Registrar:
Dynadot, LLC (R259-LRMS)

Server location:
Arizona, United States (US)

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Scanner detections:
Detections (100% detected)

Scan engine
Details
Detections

Avira AntiVirus
TR/Crypt.XPACK.Gen, ADWARE/Adware.Gen4, ADWARE/MultiPlug.Gen4
100.00%

MicroWorld eScan
Gen:Variant.Adware.Kazy.288218, Gen:Variant.Application.Bundler.16
100.00%

McAfee
MultiPlug
100.00%

NANO AntiVirus
Riskware.Win32.MultiPlug.deldri, Riskware.Win32.MultiPlug.dekkbu
100.00%

Bitdefender
Gen:Variant.Adware.Kazy.288218, Gen:Variant.Application.Bundler.16
100.00%

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.288218, Gen:Variant.Application.Bundler.16
100.00%

F-Secure
Gen:Variant.Kazy.288218, Gen:Variant.Application.Bundler
100.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.288218, Gen:Variant.Application.Bundler.16
100.00%

G Data
Gen:Variant.Adware.Kazy.288218, Gen:Variant.Application.Bundler.16
100.00%

AhnLab V3 Security
PUP/Win32.MultiPlug
100.00%

AVG
Adware Generic5.BIVI, Adware Generic5.BIMM
100.00%

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug, HEUR:Trojan.Win32.Generic
80.00%

Dr.Web
BackDoor.Andromeda.421, Trojan.Crossrider.31895
80.00%

ESET NOD32
Win32/AdWare.MultiPlug.CB (variant), Win32/AdWare.MultiPlug.BS (variant)
80.00%

Comodo Security
Application.Win32.MultiPlug.YX
60.00%

The domain netuksetsetnews.info has been seen to resolve to the following 2 IP addresses.

September 2, 2014

September 2, 2014

File downloads found at URLs served by netuksetsetnews.info.

URL:
http://netuksetsetnews.info/

Title:
“Welcome to nginx!”

SSL certificate subject:
CN=sni40076.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (ASP.NET)