home

www.pchealth.co

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.pchealth.co is registered by proxy through GODADDY.COM, INC. and was originally registered in June of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, INC.

Server location:
Arizona, United States (US)

Create date:
Wednesday, June 11, 2014

Expires date:
Friday, June 10, 2016

Updated date:
Thursday, June 11, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:
pchealth.co

Whois:
2 pchealth.co records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer.T, Win32.Generic
100.00%

Qihoo 360 Security
Malware.QVM05.Gen
50.00%

Dr.Web
infected with BackDoor.Infector.133, Adware.Downware.8416
50.00%

Sophos
Install Core Click run software
50.00%

G Data
Win32.Application.PCHealthBoost
50.00%

Vba32 AntiVirus
Signed-Riskware.PCHealthBoost
50.00%

AVG
BoostSoftwareInc
25.00%

The domain www.pchealth.co has been seen to resolve to the following 3 IP addresses.

184.168.221.32
ip-184-168-221-32.ip.secureserver.net
April 9, 2016

104.28.30.40
November 17, 2014

104.28.31.40
November 17, 2014

File downloads found at URLs served by www.pchealth.co.

1 / 68      (PUP)
http://www.pchealth.co/download.php  (pchealthboost-setup.exe)

1 / 68      (PUP)
http://www.pchealth.co/download.php  (pchealthboost-setup.exe)

6 / 68      (PUP)
http://www.pchealth.co/download.php  (pchealthboost-setup.exe)

7 / 68      (PUP)
http://www.pchealth.co/download.php  (pchealthboost-setup.exe)

The following 49 files have been seen to comunicate with www.pchealth.co in live environments.

TCP » 184.168.221.32:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 184.168.221.32:80
53431e5d-123a-4132-929f-edd70094c003-5.exe (Sense by Object Browser)

TCP » 184.168.221.32:80
111d40f8-4a7e-41e8-89c6-9280f3bbdccc-5.exe (Ge-Force by iWebar)

TCP » 184.168.221.32:80
3b0963c3-f34e-4ea1-b698-b22e42d44528-10.exe (MediaPlayersvideos 1.1 by Enter)

TCP » 184.168.221.32:80
199a15b42c3bcdccaf79bb920057390f5de049fcf37ab82699bb0ec62cd855e4 (I - Cinema by DiscountFrenzy)

TCP » 184.168.221.32:80
ddc263de-b91b-4f7b-9315-f0b9ef68a3a0-5.exe (GoHD by InstallMoon)

TCP » 184.168.221.32:80
53431e5d-123a-4132-929f-edd70094c003-4.exe (Sense by Object Browser)

TCP » 184.168.221.32:80
fe0aba47-b5bc-435c-8c40-10352fa23d1b-5.exe (HD-Quality-1.1V02.12 by HD-QualityV02.12)

TCP » 184.168.221.32:80
132fb973-4298-4853-a196-f2c937c3c504-5.exe (HQ-Video-Pro-2.1cV02.12 by HQ-VideoV02.12)

TCP » 184.168.221.32:80
sexymligofpe.exe

TCP » 184.168.221.32:80
app lid-codedownloader.exe (App Lid by Lid)

TCP » 184.168.221.32:80
5c9d1a28-82c6-4b06-9649-83cc90f16ffe-5.exe (HQ-VidPro-2.5cV04.12 by HQ-Video2.5dV04.12)

TCP » 184.168.221.32:80
57718c3a-e93d-4413-b4fd-f9d6d46e78d3-5.exe (TheTorntvs V10 1.1 - by no)

TCP » 184.168.221.32:25
sexymligofpe.exe

TCP » 184.168.221.32:80
b157cc16-2c62-4e68-8e21-75b6d6ed8111-5.exe (Object Browser)

TCP » 184.168.221.32:80
c6576ccf-ef1b-42f7-aaf1-49268a4dbfba-2.exe (App Lid by Lid)

TCP » 184.168.221.32:80
fe0aba47-b5bc-435c-8c40-10352fa23d1b-7.exe (HD-Quality-1.1V02.12 by HD-QualityV02.12)

TCP » 184.168.221.32:80
34f10d8a-b8ba-4bec-bae2-1dd6495b7ae3-5.exe (Internet Speed Checker by Speedchecker)

TCP » 184.168.221.32:80
3b1819cd61fb94db4848bf3096c646eed94904aa3e125c986384ebc3dbf78159 (I - Cinema by DiscountFrenzy)

TCP » 184.168.221.32:80
111d40f8-4a7e-41e8-89c6-9280f3bbdccc-7.exe (Ge-Force by iWebar)

 
Latest 20 of 52 files

URL:
http://www.pchealth.co/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

brown1switch.com

juicyadult.com

win-torrent-download.net

0106solutions.info

0111life.info

0122d.info

424odd.com

acceptready.com

advinapps.com

aviatorbrowser.com

chipcalculator.info

comcircuit.info

computedomain.info

computerresearch.info

down1213tech.info

down9876group.info

downloadchip.info

exfilesdesk.com

file16desktop.com

file26desktop.com

fourthdownmanage.com

freevidlogger.com

greencastlecomponent.info

knowledgeinternet.info

mattjrosenberg.com

menuspeech.info

napbestfiles.com

oathready.com

pagedigital.info

rampgoing.com

30 of 40 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.