home

www.pdfcore.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.pdfcore.com is registered by proxy through ENOM, INC. and was originally registered in July of 2008. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Houston, Texas within the United States which resides on the ThePlanet.com Internet Services, Inc. network.
Registrar:
ENOM, INC.

Server location:
Texas, United States (US)

Create date:
Thursday, July 10, 2008

Expires date:
Sunday, July 10, 2016

Updated date:
Wednesday, June 10, 2015

ASN:
AS21844 THEPLANET-AS - ThePlanet.com Internet Services, Inc.

Root domain:
pdfcore.com

Whois:
3 pdfcore.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (83% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/OpenCandy, Win32/OpenCandy (variant), Win32/InstallCore.UF (variant)
100.00%

Reason Heuristics
PUP.Optional.Installer.P, PUP.Bundler (L), PUP.Bundler.TsingsoftImaginationInformationTechnologyCo.Installer.Meta (L), Win32.Generic.TechEvolveGMBH.Installer.Meta
100.00%

NANO AntiVirus
Trojan.Win32.OpenCandy.cumjqq
40.00%

McAfee
Artemis!C1C27B93CDD3
20.00%

K7 AntiVirus
Unwanted-Program
20.00%

Norman
InstallCore.CERT
20.00%

Trend Micro House Call
Suspicious_GEN.F47V1222
20.00%

Comodo Security
ApplicUnwnt
20.00%

Dr.Web
Trojan.InstallCore.11
20.00%

VIPRE Antivirus
InstallCore
20.00%

Sophos
Generic PUA CI
20.00%

Avira AntiVirus
ADWARE/InstallCore.Gen9
20.00%

Baidu Antivirus
Adware.Win32.InstallCore
20.00%

Fortinet FortiGate
Riskware/InstallCore
20.00%

The domain www.pdfcore.com has been seen to resolve to the following 2 IP addresses.

184.173.227.114
184.173.227.114-static.reverse.softlayer.com
July 7, 2015

174.123.129.103
67.81.7bae.static.theplanet.com
December 22, 2013

File downloads found at URLs served by www.pdfcore.com.

0 / 68
http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe  (ccsetup509.exe)

13 / 68    (PUP)
http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe  (c1c27b93cdd3b7babffd2c31d9ab12ab)

3 / 68      (PUP)
http://www.pdfcore.com/AdvancedJPGtoPDFFree.exe  (0caad05ad1bff7f2b8ff0ba11b2c5050)

2 / 68      (PUP)
http://www.pdfcore.com/AdvancedOCRFree.exe  (22cf60b518df87e51f641ed38c5f9fc3)

3 / 68      (PUP)
http://www.pdfcore.com/AdvancedPDFUtilitiesFree.exe  (fc081b1e1998f9e9921b7e048ce09118)

2 / 68      (PUP)
http://www.pdfcore.com/AdvancedOCRFree.exe  (8f5f9e197fb66246ef221a6e2a1c0f04)

The following 8 files have been seen to comunicate with www.pdfcore.com in live environments.

TCP » 184.173.227.114:80
goup.exe

TCP » 184.173.227.114:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.173.227.114:80
goup.exe

TCP » 184.173.227.114:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.173.227.114:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.173.227.114:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.173.227.114:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 184.173.227.114:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

URL:
http://www.pdfcore.com/

Google Analytics:
UA-32392349

Title:
“PDFCore - Advanced PDF Utilities Free - Free PDF Document & Image Software”

Description:
“Advanced PDF Utilities Free helps deal with PDF files such as to merge or split pages, convert PDF to text & convert image to PDF or vice versa.”

Web server:
Apache/2.4.7 (PHP/5.5.9-1ubuntu4.14)

Facebook:
Likes:  7
Shares:  47
Comments:  2

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.