www.emulesite.info

emule project s.l. B86464104

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Scottsdale, Arizona, in the United States, on the GoDaddy.com, LLC network.
Registrar:
GoDaddy.com, LLC (R171-LRMS)

Server location:
Arizona, United States (US)

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:

Scanner detections:
Detections (90% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Vitallia.ROMEOSOUTH.Installer (M), PUP.ELECTRONICCOMMERCEFACTORYSL.X, PUP.ELECTRONICCOMMERCEFACTORYSL.I, PUP.Installer.ELECTRONICCOMMERCEFACTORYSL.h, PUP.Solimba (M)
94.74%

ESET NOD32
Win32/InstallCore.QB (variant), Win32/InstallCore.QW (variant), Win32/InstallCore.SO (variant), Win32/WebDevAZ.C potentially unwanted
21.05%

Trend Micro House Call
Suspicious_GEN.F47V0722, Suspicious_GEN.F47V1204, Suspicious_GEN.F47V1218
15.79%

Avira AntiVirus
ADWARE/InstallCore.Gen9, ADWARE/InstallCore.Gen7
15.79%

Baidu Antivirus
Adware.Win32.InstallCore
15.79%

McAfee
Artemis!E7CB41DA74A3, Artemis!478CEBBF9346, Artemis!2D556569AE19
15.79%

ESET NOD32
Win32/InstallCore.ADX.gen potentially unwanted application, Win32/WebDevAZ.C potentially unwanted application
15.79%

Rising Antivirus
PE:Trojan.Win32.Generic.137A42C9!326779593
10.53%

Fortinet FortiGate
Riskware/InstallCore
10.53%

AVG
Generic
10.53%

Dr.Web
Trojan.InstallCore.1903
10.53%

Qihoo 360 Security
Win32/Virus.Adware.f22
5.26%

Sophos
Generic PUA PF
5.26%

avast!
Win32:Rootkit-gen [Rtk]
5.26%

VIPRE Antivirus
Trojan.Win32.Generic
5.26%

The domain www.emulesite.info has been seen to resolve to the following 3 IP addresses.

ip-184-168-221-92.ip.secureserver.net
June 30, 2015

173.192.13.146-static.reverse.softlayer.com
December 20, 2014

108.168.141.58-static.reverse.softlayer.com
August 17, 2014

File downloads found at URLs served by www.emulesite.info.

The following 2 files have been seen to communicate with www.emulesite.info in live environments.

URL:
http://www.emulesite.info/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)