ni871050_1.vweb02.nitrado.net

marbis GmbH

Domain Information

The domain ni871050_1.vweb02.nitrado.net, registered by marbis GmbH, was first registered in January 2005 through CPS-DATENSYSTEME GMBH. The domain is currently known to host various forms of malware. Its servers are located in Malsch, Baden-Wurttemberg, Germany, on the RIPE Network Coordination Centre network.
Registrar:
CPS-DATENSYSTEME GMBH

Server location:
Baden-Wurttemberg, Germany (DE)

Create date:
Friday, January 21, 2005

Expires date:
Saturday, January 21, 2017

Updated date:
Wednesday, January 6, 2016

ASN:
AS34309 LINK11 Link11 GmbH,DE

Root domain:

Scanner detections:
Malware distribution  (90% detected)

Scan engine | Details | Detections
Emsisoft Anti-Malware | Trojan.GenericKD.3000350, Gen:Variant.Symmi.59468, Gen:Variant.Symmi.60333, Trojan.GenericKD.3053326 | 80.00%
Qihoo 360 Security | HEUR/QVM33.0.Malware.Gen, HEUR/QVM19.1.Malware.Gen, Win32/Trojan.ced | 60.00%
MicroWorld eScan | Trojan.GenericKD.3000350, Gen:Variant.Symmi.59468, Gen:Variant.Symmi.60333, Trojan.GenericKD.3053326 | 50.00%
Bitdefender | Trojan.GenericKD.3000350, Gen:Variant.Symmi.59468, Gen:Variant.Symmi.60333, Trojan.GenericKD.3053326 | 50.00%
Arcabit | Trojan.Generic.D2DC81E, Trojan.Symmi.DE84C, Trojan.Symmi.DEBAD, Trojan.Generic.D2E970E | 50.00%
Lavasoft Ad-Aware | Trojan.GenericKD.3000350, Gen:Variant.Symmi.59468, Gen:Variant.Symmi.60333, Trojan.GenericKD.3053326 | 50.00%
F-Secure | Trojan.GenericKD.3000350, Gen:Variant.Symmi.59468, Gen:Variant.Symmi.60333, Trojan.GenericKD.3053326 | 50.00%
G Data | Trojan.GenericKD.3000350, Gen:Variant.Symmi.59468, Gen:Variant.Symmi.60333, Trojan.GenericKD.3053326 | 50.00%
Avira AntiVirus | TR/Rogue.1661952.3, TR/Symmi.2402304.1, TR/Symmi.1629184, TR/Spy.Agent.2391040 | 40.00%
avast! | Win32:Evo-gen [Susp] | 40.00%
Norman | Gen:Variant.Symmi.60333, Gen:Variant.Symmi.59468 | 40.00%
Reason Heuristics | Riskware.GameTool | 30.00%
ESET NOD32 | Win32/Packed.Themida suspicious application | 30.00%
nProtect | Trojan.GenericKD.3000350, Trojan.GenericKD.3053326 | 20.00%
AegisLab AV Signature | Troj.Generickd!c, Gen.Variant.Symmi!c | 20.00%

The domain ni871050_1.vweb02.nitrado.net has been seen to resolve to the following IP address.

vweb02.nitrado.net
February 28, 2016

File downloads found at URLs served by ni871050_1.vweb02.nitrado.net.

URL:
http://ni871050_1.vweb02.nitrado.net/

Title:
“nitrado.net - your gameserver provider”

Web server:
Apache/2.2.16