onlinestudy.pk

Domain Information

Server location:
Nordrhein-Westfalen, Germany (DE)

ASN:
AS8972 PLUSSERVER-AS PlusServer AG,DE

Scanner detections:
Malware distribution  (73% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Emsisoft Anti-Malware | Gen:Heur.SMHeist, Trojan.Generic.15321397, Win32.Parite, Win32.Sality | 77.78% |
| Dr.Web | Adware.AdClick.2, Threat.Undefined, Win32.Parite.2, Win32.Sector.30 | 55.56% |
| McAfee | Artemis!C800A563539F, Artemis!4D8F7F3F92E3, Virus.W32/Pate.b, Trojan.Artemis!C800A563539F | 55.56% |
| AVG | Win32/DH{Bw?}, Win32/Parite, Win32/Sality | 55.56% |
| Norman | Gen:Heur.SMHeist.3, Win32.Parite.B, Win32.Sality.3 | 55.56% |
| ESET NOD32 | Detection.Undefined, Win32/Parite.B virus, Win32/Sality.NBA virus | 55.56% |
| Kaspersky | Trojan.Win32.Qhost, Virus.Win32.Parite, Virus.Win32.Sality | 44.44% |
| avast! | Win32:Evo-gen [Susp], Win32:Parite, Win32:SaliCode | 44.44% |
| MicroWorld eScan | Gen:Heur.SMHeist.3, Trojan.Generic.15321397 | 33.33% |
| K7 AntiVirus | Riskware | 33.33% |
| G Data | Gen:Heur.SMHeist, Trojan.Generic.15321397 | 33.33% |
| Bitdefender | Gen:Heur.SMHeist.3, Trojan.Generic.15321397 | 33.33% |
| VIPRE Antivirus | Trojan.Win32.Generic, Threat.4721115 | 33.33% |
| Arcabit | Trojan.SMHeist.3, Trojan.Generic.DE9C935 | 33.33% |
| Fortinet FortiGate | Riskware/Sim | 33.33% |

The domain onlinestudy.pk has been seen to resolve to the following 2 IP addresses.

static-ip-188-138-71-72.inaddr.ip-pool.com
February 24, 2016

loft10279.serverprofi24.com
December 1, 2015

File downloads found at URLs served by onlinestudy.pk.

0 / 68
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

10 / 68    (Infected)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

11 / 68    (Infected)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

2 / 68      (Malware)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

11 / 68    (Infected)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

14 / 68    (Malware)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

0 / 68
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

5 / 68      (Malware)
http://onlinestudy.pk/.../click.php?id=3  (girls-mobile-data.exe)

15 / 68    (PUP)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.com)

1 / 68      (inconclusive)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

14 / 68    (Malware)
http://onlinestudy.pk/.../click.php?id=3  (pakistani-girls-mobile-data.exe)

The following 2 files have been seen to communicate with onlinestudy.pk in live environments.

April 13, 2016