home

www.rocketbackups.com

MP3 Rocket Inc

Domain Information

The domain www.rocketbackups.com registered by MP3 Rocket Inc was initially registered in May of 2013 through REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the iWeb Technologies Inc. network.
Registrar:
REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER

Server location:
Quebec, Canada (CA)

Create date:
Friday, May 3, 2013

Expires date:
Wednesday, May 3, 2023

Updated date:
Monday, May 13, 2013

ASN:
AS32613 IWEB-AS - iWeb Technologies Inc.,CA

Root domain:
rocketbackups.com

Whois:
2 rocketbackups.com records

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.MP3Support.J, PUP.MP3Support.N, PUP.Optional.Installer.SCCE, PUP.Installer.MP3Support, Threat.Installer.SCCE, PUP.installCore.Installer, PUP.installCore.MP3TechSupport.Installer (M), Win32.Generic.SCCE.Installer.Meta, PUP.OpenCandy.SCCE.Installer.Meta (M), PUP.installCore.MP3TechS.Installer (M)
83.67%

Dr.Web
Adware.Downware.1417, Adware.OpenCandy.139, Adware.OpenCandy.163, Adware.OpenCandy.171, Win32.Parite.1
63.27%

VIPRE Antivirus
Trojan.Win32.Generic, Opencandy, Threat.46248
63.27%

AVG
Generic, Win32/Parite
63.27%

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant), Win32/InstallCore.PY (variant), Win32/OpenCandy (variant), Win32/Injected (variant), Win32/OpenCandy.E potentially unsafe (variant)
61.22%

Baidu Antivirus
Adware.Win32.OpenCandy, Adware.Win32.InstallCore
59.18%

McAfee
Artemis!DD4D58D80482, Artemis!A1462ABB9F46, Artemis!9B554F1BB383, Artemis!0AC6AAF817DB, Artemis!2A6A8EA83A8E, Artemis!EF317EE22806, Artemis!9834C63403AD, Artemis!881710870ED5, Artemis!03401FFC6A8D
53.06%

Fortinet FortiGate
Riskware/InstallCore, Riskware/OpenCandy
51.02%

K7 AntiVirus
Unwanted-Program
51.02%

Zillya! Antivirus
Downloader.Agent.Win32.248040, Downloader.Agent.Win32.260269, Trojan.Kryptik.Win32.805012
46.94%

Trend Micro House Call
TROJ_GEN.F47V1119, Suspicious_GEN.F47V0911, TROJ_GEN.F47V0203, Suspicious_GEN.F47V0204, Suspicious_GEN.F47V0129, Suspicious_GEN.F47V0226, Suspicious_GEN.F47V0418
44.90%

Kaspersky
not-a-virus:Downloader.Win32.Agent, Virus.Win32.Parite
42.86%

avast!
Win32:Malware-gen, Win32:Parite
42.86%

Sophos
Generic PUA NF, Generic PUA BF, Generic PUA OB, Generic PUA JB, Virus 'W32/Parite-A'
38.78%

SUPERAntiSpyware
PUP.MP3Rocket/Variant
36.73%

The domain www.rocketbackups.com has been seen to resolve to the following 2 IP addresses.

174.142.161.29
August 27, 2015

209.44.121.78
April 26, 2014

File downloads found at URLs served by www.rocketbackups.com.

9 / 68      (PUP)
http://www.rocketbackups.com/.../mp3rocket.exe  (ef317ee2280617803d15c2043bd0c734)

2 / 68      (PUP)
http://www.rocketbackups.com/downloads/.../mp3rocket-pro.exe  (dd497a78ca3d5f194985b5396cff01da)

URL:
http://www.rocketbackups.com/

Web server:
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.