www.vanbasco.com

Daniel Pustka

Domain Information

The domain www.vanbasco.com, registered by Daniel Pustka, was first registered in June of 1997 through CPS-DATENSYSTEME GMBH. This domain is currently known to host various forms of malware. The hosting servers are located in Nuremberg, Bayern, Germany, on the RIPE Network Coordination Centre network.

Registrar:
CPS-DATENSYSTEME GMBH

Server location:
Bayern, Germany (DE)

Create date:
Wednesday, June 11, 1997

Expires date:
Friday, June 10, 2016

Updated date:
Tuesday, May 26, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online AG,DE

Root domain:

Scanner detections:
Malware distribution  (78% detected)

| Scan engine | Details | Detections |
|---|---|---|
| McAfee | GenericATG-FIE!3859932FCA64, GenericATG-FIE!031EC5E15C97, GenericATG-FIE!6869093BF58E, Virus.W32/Chir.b@MM, Virus.W32/Sality.gen.z | 71.43% |
| AVG | Generic35, Win32/Chir.B@mm, Win32/Sality | 71.43% |
| Jiangmin | Trojan/Yakes.she, Trojan/SmartFortress2012.nnc, Trojan/SmartFortress2012.fmz | 57.14% |
| Dr.Web | Trojan.Winlock.9260, Win32.Runonce.6652, Win32.Sector.30 | 42.86% |
| McAfee Web Gateway | BehavesLike.Win32.BadFile.cm, Artemis, BehavesLike.Win32.PWSOnlineGames.ct | 42.86% |
| Antiy Labs AVL | Trojan[FakeAV]/Win32.SmartFortress2012 | 42.86% |
| Reason Heuristics | Trojan.Downloader.Meta (M), Trojan.Downloader (M) | 28.57% |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeAV | 28.57% |
| Microsoft Security Essentials | Threat.Undefined | 28.57% |
| ESET NOD32 | Win32/Chir.B virus, Win32/Sality.NBA virus | 28.57% |
| Kaspersky | Email-Worm.Win32.Runouce, Virus.Win32.Sality | 28.57% |
| F-Prot | W32/Thecid.B@mm, W32/Sality.gen2 | 28.57% |
| avast! | Win32:Oncer, Win32:SaliCode | 28.57% |
| AegisLab AV Signature | Troj.W32.Gen | 14.29% |
| Zillya! Antivirus | Adware.Agent.Win32.81399 | 14.29% |

The domain www.vanbasco.com has been seen to resolve to the following IP address.

vanbasco.com
April 20, 2014

File downloads found at URLs served by www.vanbasco.com.

1 / 68      (Malware)
http://www.vanbasco.com/.../vkaraoke.exe  (eca590a1a8416c57257ee351bc3e4727)

0 / 68
http://www.vanbasco.com/.../vkaraoke.exe  (9b3c0ab489068a71c4af04d4c459f834)

10 / 68    (Infected)
http://www.vanbasco.com/.../vkaraoke.exe  (ab6b8ee1a81650aac41f093a27514c3e)

6 / 68      (Malware)
http://www.vanbasco.com/.../vanbasco_polish.exe  (6869093bf58ebe72253e776c4870a669)

0 / 68
http://www.vanbasco.com/.../vbsaver.exe  (2e7316f235f6a26bd0ea76fe9cd7d165)

10 / 68    (Malware)
http://www.vanbasco.com/.../vkaraoke.exe  (fd2c3d1b55911cd016cddc707be0960c)

7 / 68      (PUP)
http://www.vanbasco.com/.../vanbasco_russian.exe  (031ec5e15c9791d3212774dc10079795)

3 / 68      (Malware)
http://www.vanbasco.com/.../vkaraoke.exe  (0cc496a096d15026963530815f5e3978)

6 / 68      (Malware)
http://www.vanbasco.com/.../vanbasco_french.exe  (3859932fca6446a5e42983c016655d44)

3 / 68      (Malware)
http://www.vanbasco.com/.../vkaraoke.exe  (0cc496a096d15026963530815f5e3978)

The following files have been seen to communicate with www.vanbasco.com in live environments.

URL:
http://www.vanbasco.com/

Title:
“vanBasco Software: MIDI and Karaoke Software for Windows”

Description:
“vanBasco Software provides MIDI and Karaoke Software for Windows”

Web server:
Apache/2.0.49 (Linux/SuSE)

Facebook:
Likes:  82
Shares:  586
Comments:  183

Statistics are for the previous month.