home

www.newheadchuckle.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
newheadchuckle.com

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.MICROMAX.Installer (M)
91.67%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
8.33%

F-Secure
Application:W32/Generic.70053c248f!Online
8.33%

The domain www.newheadchuckle.com has been seen to resolve to the following 6 IP addresses.

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 22, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
May 22, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
May 22, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 22, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 22, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 22, 2016

File downloads found at URLs served by www.newheadchuckle.com.

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=2YVlhvMm8Sql7/sF786jeoImvr79RjMyK k/X8VGxTQ=&c=BboqnJqLZ7Gl ur8DxVMFFmIAJgX0f9fZGfumgkXOIvKLvEh3JE2Llhx2ISyGLAab/LAUgHejZ mCu0hTxQbaGug11nmQMsfSBvhv7TpulfSfbP/iAdoy UBixIq1b7aVHPi5aQsV1 iHtXyoL U4Dxkcbb5SynytjjfPh1/j3Y=&e=1&fallback_url=http://res.kchuss.com/.../wlsetup-custom-fr.exe  (7cfeed0a5cc6ea165bfb63f4129e8853)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=qjAkh4C6aKjzdq2oM6E3oX4jQkg2VVbs4HYoodbJxo0=&c=0J8hHX mNHhY4EBcRllg3NIqueD6SASTH9hIDibqJba2g7uXhaN4TtcL6prA9YRVc0U4WUiL7zeC3jcp3hGj7uA3GmlLdDsjS3S0hwbYqbp/ffP0/qVHKck6VIAKjztH&fallback_url=http://res.telecharger-ici.com/.../Firefox_Setup_21.0_fr.exe  (3ff8d6b5e8fa739b093fa6adec0d2a6a)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=dK5nON3g69uEai6N1Yca75jr33bni3Mes3Q0XRRoS80=&c=iI h6hQasGLzr1adRIHVISzSsg8m3NU dZQ37IhmNhpUS7NMDayYaURdHguwR YXe99emv3ElfW2AoHbEElQRO6RWgoS AfYiz5Bn8bRTcawzDYKxa6CwI/uBfHWopJT&fallback_url=http://res.hufftos.com/.../audacity-win-2.0.2.exe  (d94f497692ea9b41563a76074c401aaf)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=uuQwVP r2qiBiPj0n4purhurUyeK4fvER v0oXms4xU=&c=qYlOcFlEmVTcSGTrh mQNZG/ mmqG3ig5BF9Atcv6GD0msnM wnR BSrKSLiCptDJ9ly1mujbBoQYwWOKRnGeh8a uxVg26HAe1GgIxV69z37Bn1ZKOzvVd79rMHDzKvKyGZBLtVeE3GfBt53lKTznudycShOn1Hw26HYaSNN8uRQfAPBAxavIwo20sAKysc&e=1&downloadAs=skype.exe&fallback_url=http://res.kchuss.com/.../SkypeSetupFull.msi  (icreinstall_skype.exe)

2 / 68      (false positives)
http://www.newheadchuckle.com/c?x=gPmRYhGwJGP rEt8ZsbeBzNACJ0I7bVODp/OWsLUrqs=&c= T0gecFSBnqb6V6RfdlsunXKJ3MYhB3gA0QHQY4WHpqJY urglEcnVZzFkfHmC1rzMymoRlWsm5Gx/abjVxeh2Bl4QL2z4mqIOrWToC4BD7ssQ523un2ugAEHLfTovhv&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (wrar420.exe)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=PUOBxRL5yuagS8ZzCAOcmUc/kSPcgUisCodtoIb cNc=&c=x0Y F DsTAErkTEssMV6LPdTZM/VxiEPE15Cqv9RmKCJz5oE2W1AohTKzgHIXJZOxEYabMpUI45G0zs/f9eKbBW5mZLK0 tyfivD/bihwCrCNznfj/vEKpa/LLNBBx3vtLJqmbQbkXxtDcVrCNi i0ef0gloLuHl7UMtA1xu8eo=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (f2c0907fda37bf63d3d94edf3152b57e)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=1isyvCR7ArGO7sfjp n0GJFjbMT vCnzxp75e9MC27o=&c=wix4dFRTSmeydbYAaWQPFSkd0P4R88rNmvfJJo1e8XTaTs39yXwuofSbd/lIwfPpI2wfjLFbcRjMFWmVz71eFJ8ck5Bb22ii2Qh yVp59EoghU5Ni7/wi8ZvFxs5yQOj&fallback_url=http://res.wosoth.com/cache/upch/.../UpdateChecker.exe  (0226dc51ec4eccf6f658a6aa0b7ffcfc)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=hNINb6NMNCBlVouKC3/GD5tdw47KMb669wq/cLDGIcs=&c=szMKoUK8Ov8wkNr5RRpWRdqmTSmYvp5WqW3gARyo47ey7Qyfv9ayfIm05bzRTiABtfJBnmoZL8UgffWj6SrN0TwMSPIj/2aUF4iWliPSzj7sfOC7SEFXFntwKcmOqwPS3IkMFJu7h2Sfgg6b9Dr3d cDKxNzaT3HkwjQgefApYxpOGoX1jwMqJVPWe6bT4gJ&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (10cdbc08ce066b6811e3fe826a4795c0)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=pW42utpxcppLWks8zf6timcjNMuRe0Dhh4586WHn7qg=&c=uzLc/Ru/P4SeK0s7lRtkbJPKSSBNFbc0OI0AO0t6jZnTwJIyfyF02aVT1j3WaEG13S9GU4wThavwCQd1BrEXBpPBkErQ2bP4zCNjHgMHeseDvw grs4BORCBn8OQ5F8SCi93xWA/oLaycYyYFAuw Cago8vKPrNMGaNsFoDxsY4EVduqrlE3k pEQFke0D9G&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (f2c0907fda37bf63d3d94edf3152b57e)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=poWl0xFubvH5uOY2/NEaXJGuviTXaMjfqBLwZNgBzeY=&c=87X7Qqr6YgdtEl6dtouvGqZwMVPTzsi2x4SXOrFFFGTyPJONmTpqEiiq4Yk2Cf9NBx83XIvpvSXZZFa3eNmGVbUa8MNmK/X9nWe2AYNMIAvOHwiRRJuzJ7sf0KE2yJt6llwLxNWET boD2ztKkXGY rNW/LdqR/wSkSyI4lA1W8=&e=1&fallback_url=http://res.setauls.com/.../Apache_OpenOffice_incubating_3.4.1_Win_x86_install_fr.exe  (ecf8c38ae9af07984ff6435ac2028d07)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=wj7ST2H2IjXfIBulQpI1XQp7wMmmvhcTKFCg6W9VUyU=&c=0tGFjSrF Cx4MSghzQgWahkp6iBsdPZmdMAZZSzwRIumPLD5gv5pc/gH3lYJ2Xa9jRM5sXvrJVfWDPdX4/x70MRqqG0XW7IMO/FtB2Nc5nSyNcg6evxGpLKEt0xnZAeX&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (a95280707654bc8745cfd9560570d80a)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=SHNYhFFxqZCV3G1arpNygmH 4IOC/CE9LNStS9jB7qM=&c=zgsVtAdHdzrMycoSg7bwY2jBBE/EkFA3WeWPI3bVds9KHlwQg7Z5WiJUjMcZwIZhD8dR9mGvJVdzuExrUZE3dPBodpTIAP9W0Xev/UkJ8vebkMGaXFLsxC7BHxlWAQz6YXwfyzqD45orR7C2HjrJ9QsQwW1TbFREOXFIDYZ585/p8q315a9GBK2QRC9Al7e &e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe  (10cdbc08ce066b6811e3fe826a4795c0)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=OMSaVOv X949xVBzdiQpybX/WaTfMTUQARqw9g2jMUo=&c=ThpILwd4UfVDU0j68bkl0BS9pEy0kTCgn6MBdu1rRS26alGJXMeaZ6QyWMBcVvyt6qNbBMORpnKJK/jK9cbdCMw2HuUCpVoBJc3SlX8P bZuaCBiaad4Xk9wAVoOszTS&fallback_url=http://res.hufftos.com/.../ProgramSpotify.exe  (abda1b2e84c25f9b42512c767451e712)

1 / 68      (PUP)
http://www.newheadchuckle.com/c?x=vJZSl zJSRrbUISVtp TOj/6Ffw5f9EIcwMbQpic/Qw=&c=AaLeeXGyB9xGWFEVKbHYAHFUPIYCfmyEP5QQZQYO1ao3qwtRhbTwjbephH9mOpKjSVS6KBAapT4eCVhT4mPux15Sni7wOeNtPeJq7TG9xhluMTtv7rYz2GCdKF5CGhr4LLkfDoatbf2pEXcKaFhahajsSInJ uWq5gRrp0SSRy IEoo0fHdQN9Bf3hpNbiv0&e=1&fallback_url=http://files.gooofull.com/resources/.../  (epson_stylus_t24.exe)

The following 6 files have been seen to comunicate with www.newheadchuckle.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.