Saturday, January 19, 2008

Another Site Distributing Fake Codec

Site Name: iwannaseeyounude.com
IP Address: 195.5.117.234
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.iwannaseeyounude.com [195.5.117.234]
ns2.iwannaseeyounude.com [195.5.117.234]

The installer from the site was scanned and here are the results:

VirusTotal Scan Result: 11/32 (34.38%)
AntiVir 7.6.0.48 2008.01.18 HEUR/Malware
BitDefender 7.2 2008.01.18 Trojan.Downloader.Codec.C
eSafe 7.0.15.0 2008.01.16 Suspicious File
eTrust-Vet 31.3.5468 2008.01.18 Win32/Burgspill!generic
Fortinet 3.14.0.0 2008.01.18 W32/Zlob.EJC!tr.dldr
F-Secure 6.70.13260.0 2008.01.18 Suspicious:W32/Malware!Gemini
Microsoft 1.3109 2008.01.18 Trojan:Win32/Delflob.I
Panda 9.0.0.4 2008.01.18 Suspicious file
Sophos 4.24.0 2008.01.18 Mal/DelpDldr-E
VBA32 3.12.2.5 2008.01.15 suspected of Win32.Trojan.Downloader
Webwasher-Gateway 6.6.2 2008.01.18 Heuristic.Malware

There are two more sites sharing the same IP address:

Site Name: Mymysticporn.com
Name Servers:
ns1.mymysticporn.com [195.5.117.234]
ns2.mymysticporn.com [195.5.117.234]

Site Name: Somenudefuck.com
Name Servers:
ns1.somenudefuck.com [195.5.117.234]
ns2.somenudefuck.com [195.5.117.234]

The registrar for these sites is ESTDOMAINS, INC., well known for its association with scam and malicious sites. The registrant for these sites is hidden behind PrivacyProtect.org.

Stay away from the above-mentioned sites.

Bharath M N
