home

gihcn892.pn-installer9.com

Adknowledge  (via a Proxy Registrant)

Domain Information

This is a distribution host for a number of Adknowledge installers including (Fusion Installer, Wrap Installer, Premium Instal, Optimum Installer and many others). The installers are bundled download managers that include adware/ad-supported offers. The domain gihcn892.pn-installer9.com is registered by proxy through TUCOWS DOMAINS INC. and was originally registered in August of 2013. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher Adknowledge.
Registrar:
TUCOWS DOMAINS INC.

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Monday, August 12, 2013

Expires date:
Wednesday, August 12, 2015

Updated date:
Monday, August 11, 2014

Root domain:
pn-installer9.com

Whois:
1 pn-installer9.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Fileadventure.F
100.00%

VIPRE Antivirus
Threat.4798837
100.00%

Clam AntiVirus
Win.Trojan.Agent-763594
100.00%

Avira AntiVirus
Adware/iBryte.zline
100.00%

AVG
Found Win32/DH{gRKBEyAlflCBB3lUTxVRgQkcU04}
100.00%

ESET NOD32
Win32/Adware.iBryte.BS application
100.00%

K7 AntiVirus
Unwanted-Program
100.00%

F-Prot
W32/A-a1a6e5b1
100.00%

Comodo Security
Application.Win32.Ibryte.NW
100.00%

McAfee
Program.IBryte-FSW
100.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
100.00%

Malwarebytes
PUP.Optional.Ibryte
100.00%

Kaspersky
not-a-virus:AdWare.Win32.iBryte
100.00%

G Data
Win32.Adware.IBryte
100.00%

Panda Antivirus
Trj/Genetic.gen
100.00%

The domain gihcn892.pn-installer9.com has been seen to resolve to the following IP address.

92.242.140.21
unallocated.barefruit.co.uk
May 3, 2015

File downloads found at URLs served by gihcn892.pn-installer9.com.

40 / 68    (Adware)
http://gihcn892.pn-installer9.com/o/.../setup.exe  (5c4b266d4120fa43c58fb5c7f53b7cf8)

The following 230 files have been seen to comunicate with gihcn892.pn-installer9.com in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

TCP » 92.242.140.21:80
twitter.crx

TCP » 92.242.140.21:80
viewlater.crx

TCP » 92.242.140.21:80
rss.crx

TCP » 92.242.140.21:80
datapump.crx

 
Latest 20 of 230 files

URL:
http://gihcn892.pn-installer9.com/

Web server:
nginx/1.0.15

adknowledge.com

yourinstaller.com

wisedownloads.com

1-pn-installer.com

2-pn-installer.com

3-pn-installer.com

4-pn-installer.com

5-pn-installer.com

6-pn-installer.com

7-pn-installer.com

8-pn-installer.com

9-pn-installer.com

10-pn-installer.com

11-pn-installer.com

12-pn-installer.com

13-pn-installer.com

pn-installer.com

pn-installer1.com

pn-installer2.com

pn-installer3.com

pn-installer4.com

pn-installer5.com

pn-installer6.com

pn-installer7.com

pn-installer8.com

pn-installer10.com

oinstaller.com

oinstaller1.com

oinstaller2.com

oinstaller3.com

30 of 33 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.