home

healthcaregovtool.com

Moniker Online Services LLC (Domain Holding)

Domain Information

The domain healthcaregovtool.com registered by Moniker Online Services LLC (Domain Holding) was initially registered in January of 2014 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
Moniker Online Services

Server location:
Bayern, Germany (DE)

Create date:
Monday, January 6, 2014

Expires date:
Friday, January 6, 2017

Updated date:
Thursday, March 3, 2016

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Whois:
3 healthcaregovtool.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Dr.Web
Adware.Superfish.160, Adware.Superfish.217, Adware.Superfish.227, Adware.Superfish.241, Threat.Undefined
66.67%

Reason Heuristics
PUP.P4hostcom.Installer (M), PUP.APPsoluteTechnology.Installer (M), PUP.Superfish.Essync.Installer.Meta (M)
66.67%

Bkav FE
W32.HfsAdware
44.44%

avast!
Win32:Evo-gen [Susp], Win32:Adware-gen [Adw]
44.44%

Avira AntiVirus
ADWARE/Graftor.405000, TR/Dropper.A.12793, ADWARE/Adware.Gen, TR/Dropper.A.15172
44.44%

IKARUS anti.virus
Win32.SuspectCrc, Trojan.Dropper, PUA.Komodia
44.44%

Malwarebytes
Rootkit.WeWatcher.PUP, PUP.Optional.BundleInstaller, PUP.Optional.Komodia
44.44%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen, HEUR/QVM30.1.Malware.Gen
33.33%

AVG
Generic
33.33%

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic
22.22%

VIPRE Antivirus
APPsoluteTechnology, Threat.4150696
22.22%

McAfee
Artemis!9E53194158B5, Trojan.Artemis!3569C8A59F82
22.22%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
22.22%

Rising Antivirus
PE:Malware.RDM.24!5.1E[F1], PE:Malware.Generic/QRS!1.9E2D [F]
22.22%

MicroWorld eScan
Gen:Variant.Adware.Graftor.186320
11.11%

The domain healthcaregovtool.com has been seen to resolve to the following 3 IP addresses.

144.76.1.130
static.130.1.76.144.clients.your-server.de
April 15, 2016

144.76.0.242
static.242.0.76.144.clients.your-server.de
April 15, 2016

64.74.172.125
January 4, 2016

File downloads found at URLs served by healthcaregovtool.com.

1 / 68      (PUP)
http://healthcaregovtool.com/hci/.../SysFiles.exe  (baa7e4c762fd9e88bb37440250ab8f50)

12 / 68    (PUP)
http://healthcaregovtool.com/hci/.../SmartUploader.exe  (sysfiles.exe)

1 / 68      (PUP)
http://healthcaregovtool.com/hci/.../SmartUploader.exe  (sysfiles.exe)

1 / 68      (PUP)
http://healthcaregovtool.com/hci/.../SmartUploader.exe  (vaub1a0.tmp.exe)

16 / 68    (PUP)
http://healthcaregovtool.com/hci/.../WinWiki.exe  (nsdc564.tmp)

6 / 68      (Adware)
http://healthcaregovtool.com/hci/.../SysFiles.exe  (4bd3e5bce67c84a10d8f3b0871c63056)

8 / 68      (PUP)
http://healthcaregovtool.com/hci/.../WinWiki.exe  (2ef9a7977defc92755e1da30f6655e3e)

5 / 68      (PUP)
http://healthcaregovtool.com/hci/.../SmartUploader.exe  (sysfiles.exe)

11 / 68    (Adware)
http://healthcaregovtool.com/installs/.../SysFiles.exe  (2bf7e3399bc1eefb67570a3da4b97aff)

The following 18 files have been seen to comunicate with healthcaregovtool.com in live environments.

TCP » 144.76.0.242:80
jingling.exe

TCP » 144.76.0.242:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 144.76.0.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 144.76.0.242:80
setupv.exe (project1 by Microsoft)

TCP » 144.76.1.130:443
apptrailers.exe

TCP » 144.76.0.242:443
online-guardian-v2.0.9.exe

TCP » 144.76.0.242:80
AdxEngine.exe (MPC AdCleaner by DotC United Inc)

TCP » 144.76.0.242:80
microsoft toolkit 2.6.6__9465_il667.exe

TCP » 144.76.1.130:80
microsoft toolkit 2.6.6__9465_il667.exe

TCP » 144.76.0.242:80
kmspico10.2.1__8174_il55.exe

TCP » 144.76.0.242:25
init.exe

TCP » 144.76.0.242:80
UCBrowser.exe (by UCWeb)

TCP » 144.76.1.130:80
kdlink32.exe (KDLink by QuestPRO Software)

TCP » 144.76.0.242:80
setup__2140_il20839.exe (arsenal by Emirates)

TCP » 144.76.0.242:80
kmspico10.2.1__11516_il55.exe

TCP » 144.76.0.242:80
windowsupdatekb12695__7428_il1.exe

TCP » 144.76.0.242:80
setup__15200_i1936892346_il29444.exe

TCP » 144.76.1.130:80
setup__2140_il20839.exe (arsenal by Emirates)

TCP » 144.76.1.130:80
kmspico10.2.1__11516_il55.exe

TCP » 144.76.1.130:80
windowsupdatekb12695__7428_il1.exe

 
Latest 20 of 24 files

URL:
http://healthcaregovtool.com/

Google Analytics:
UA-43967021

Title:
“healthcaregovtool.com”

Web server:
nginx (PHP/5.3.10-1ubuntu3.21)

205descargas.com

aihahconsumerproductexposed.net

apparil.com

appatan.com

appcoun.com

appoder.com

clever-those.ru

describesnort.ru

dfg-downloads.com

downloadmoviesfree.net

evidence-cleaner.net

ftuszhv1sb.ru

getdownload.net

gimp28.com

humipapp.com

ividi.org

juksr.com

noisewitness.ru

of1dkj3867.ru

pat-clutch-ignore.ru

peemoteenfidelity.net

perhaps481.ru

pro-sea-portal.ru

probaystroy.ru

prospeedstore.ru

shoogpowersellingonline.org

softologicsd.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.