home

galaxy3d.com

none

Domain Information

The domain galaxy3d.com registered by none was initially registered in October of 2009 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Berlin, Berlin within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Berlin, Germany (DE)

Create date:
Sunday, October 11, 2009

Expires date:
Tuesday, October 11, 2016

Updated date:
Wednesday, September 16, 2015

ASN:
AS24940 HETZNER-AS , DE

Whois:
2 galaxy3d.com records

Scanner detections:
Detections  (68% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bundler.YoutubeDownloaderHD.Installer.Meta (M), PUP.Bundler.YoutubeD.Installer.Meta (M), PUP.Bundler (M)
97.14%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
2.86%

F-Secure
Application:W32/Generic.70053c248f!Online
2.86%

The domain galaxy3d.com has been seen to resolve to the following 2 IP addresses.

138.201.200.72
hz4.fdrlab.com
September 3, 2016

5.9.139.238
hz2.fdrlab.com
November 1, 2014

File downloads found at URLs served by galaxy3d.com.

0 / 68
http://galaxy3d.com/.../youtube_downloader_hd_setup.exe  (95b21abeb7b1c7b191204624a0db5a69)

1 / 68      (PUP)
http://galaxy3d.com/.../youtube_downloader.exe  (b4246cd4b7c56d97b8fb734ddbde25e9)

The following 6 files have been seen to comunicate with galaxy3d.com in live environments.

TCP » 138.201.200.72:80
undelete-360.exe (Undelete 360 by File Recovery)

TCP » 138.201.200.72:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 138.201.200.72:80
restaurer des fichiers supprimés.exe (Undelete 360 by File Recovery)

TCP » 138.201.200.72:80
undelete_360_2.14_mars_2012.exe (Undelete 360 by File Recovery)

TCP » 138.201.200.72:80
UCBrowser.exe (by UCWeb)

TCP » 138.201.200.72:80
undelete-360.exe (Undelete 360 by File Recovery)

March 4, 2016
www.galaxy3d.com

URL:
http://galaxy3d.com/

Title:
“Download”

Web server:
Apache/2.2.23 (FreeBSD) PHP/5.5.30 mod_ssl/2.2.23 OpenSSL/0.9.8y DAV/2 (PHP/5.5.30)

anytvonline.com

anytvplayer.com

avi-previewer.com

duplicate-finder.com

fdrlab.com

filerepair1.com

mmtoolz.com

screenomania.com

ss-tools.com

undelete360.com

undeleteunerase.com

windows-password-cracker.com

zip-password-cracker.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.