home

1269316056.rsc.cdn77.org

DataCamp Limited

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in United, Pennsylvania within the United States which resides on the RIPE Network Coordination Centre network.
Registrar:
Gransy s.r.o. d/b/a subreg.cz

Server location:
Pennsylvania, United States (US)

ASN:
AS60068 CDN77 Datacamp Limited,GB

Root domain:
cdn77.org

Whois:
1 cdn77.org record

Scanner detections:
Detections  (67% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/DownWare.AR potentially unwanted application
80.00%

Reason Heuristics
Adware.Downloader (M), PUP.Bundler (M)
40.00%

avast!
Win32:Evo-gen [Susp]
40.00%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
20.00%

F-Secure
Application:W32/Generic.70053c248f!Online
20.00%

AVG
Could be an adware MultiBundle
20.00%

The domain 1269316056.rsc.cdn77.org has been seen to resolve to the following 4 IP addresses.

185.59.223.24
new-york-2.cdn77.com
June 27, 2016

185.93.0.16
atlanta-3.cdn77.com
June 7, 2016

185.93.0.27
atlanta-4.cdn77.com
June 7, 2016

185.59.223.28
new-york-20.cdn77.com
June 6, 2016

File downloads found at URLs served by 1269316056.rsc.cdn77.org.

0 / 68
http://1269316056.rsc.cdn77.org/PowerISOdownload.exe  (95e0437aabc9848bb651505f032c4da6)

2 / 68      (PUP)
http://1269316056.rsc.cdn77.org/ooVoodownload.exe  (3d12a3ed4cfd2b7d6f13d8a78c7be6ad)

3 / 68      (PUP)
http://1269316056.rsc.cdn77.org/IMVU_download.exe  (c229e3e9507ad44659668bcab659b873)

2 / 68      (PUP)
http://1269316056.rsc.cdn77.org/IMVU_download.exe  (266b3fe4d13fc901ce3c477d4f898d6b)

2 / 68      (PUP)
http://1269316056.rsc.cdn77.org/FL Studio_download.exe  (afb31f772b303f44094095b9452c91ed)

2 / 68      (false positives)
http://1269316056.rsc.cdn77.org/FL Studio_download.exe  (wrar420.exe)

2 / 68      (false positives)
http://1269316056.rsc.cdn77.org/IMVU_download.exe  (wrar420.exe)

The following 8 files have been seen to comunicate with 1269316056.rsc.cdn77.org in live environments.

TCP » 185.59.223.24:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.28:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.24:443
beaglebrowser.exe (BeagleBrowser by The BeagleBrowser Authors)

TCP » 185.59.223.24:443
mustang.exe (Mustang Browser by Rafotech)

TCP » 185.59.223.24:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.24:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 185.59.223.24:443
online-guardian-v2.0.9.exe

TCP » 185.59.223.24:80
browser.exe (Browser)

TCP » 185.59.223.24:443
online-guardian-v2.0.9.exe

URL:
http://1269316056.rsc.cdn77.org/

SSL certificate subject:
CN=rsc.cdn77.org, O=DataCamp Limited, L=London, S=England, C=GB

SSL certificate issuer:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

Web server:
CDN77-Turbo

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.