home

35234.getfl.net

N.A.

Domain Information

The domain 35234.getfl.net registered by N.A. was initially registered in May of 2014 through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Hollywood, Florida within the United States which resides on the Prolexic Technologies, Inc. network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Florida, United States (US)

Create date:
Monday, May 26, 2014

Expires date:
Thursday, May 26, 2016

Updated date:
Tuesday, August 11, 2015

ASN:
AS32787 PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK - Prolexic Technologies, Inc.,US

Root domain:
getfl.net

Whois:
2 getfl.net records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FileMonarch.N, PUP.Installer.TEHSNABSTROY.c, PUP.Amonetize.TEHSNABSTROY.Bundler (M), PUP.TIMP (M)
100.00%

AhnLab V3 Security
PUP/Win32.IBryte, PUP/Win32.Amonetize
40.00%

MicroWorld eScan
Trojan.GenericKD.1618449, Gen:Variant.Application.Bundler.Amonetize.12
40.00%

McAfee
Artemis!0FF2B0F7AD04, Artemis!88041561D00D
40.00%

Malwarebytes
PUP.Optional.GigaClicks.A, PUP.Optional.Amonetize
40.00%

Trend Micro House Call
TROJ_CLIKUG.A, Suspicious_GEN.F47V0816
40.00%

Kaspersky
Trojan-Clicker.Win32.Agent, not-a-virus:AdWare.Win32.Amonetize
40.00%

Bitdefender
Trojan.GenericKD.1618449, Gen:Variant.Application.Bundler.Amonetize.12
40.00%

Lavasoft Ad-Aware
Trojan.GenericKD.1618449, Gen:Variant.Application.Bundler.Amonetize.12
40.00%

F-Secure
Trojan.GenericKD.1618449, Gen:Variant.Application.Bundler
40.00%

Dr.Web
Trojan.Click3.5306, Adware.Downware.8012
40.00%

G Data
Trojan.GenericKD.1618449, Gen:Variant.Application.Bundler.Amonetize.12
40.00%

Baidu Antivirus
Trojan.Win32.Clikug, Adware.Win32.Amonetize
40.00%

AVG
Clicker, Generic
40.00%

Qihoo 360 Security
Win32/Trojan.Dropper.c9f, Win32/Application.c7d
40.00%

The domain 35234.getfl.net has been seen to resolve to the following 3 IP addresses.

158.69.145.50
September 17, 2016

72.52.4.120
unknown.prolexic.com
April 14, 2016

78.140.137.163
August 17, 2014

File downloads found at URLs served by 35234.getfl.net.

1 / 68      (Adware)
http://35234.getfl.net/?id=t1f3&nor=1&sub=&name=Download.zip&url=  (download.zip_80ul6.exe)

1 / 68      (Adware)
http://35234.getfl.net/?id=t1f3&nor=1&sub=&name=Download.zip&url=  (download.zip_47oh1.exe)

1 / 68      (Adware)
http://35234.getfl.net/?id=t1f3&nor=1&sub=&name=Download.zip&url=  (download.zip_00uzt.exe)

19 / 68    (Adware)
http://35234.getfl.net/?id=t1f3&nor=1&sub=&name=Download.zip&url=  (file.download__2299_i1181768534_il3.exe)

40 / 68    (Adware)
http://35234.getfl.net/?id=t1f3&nor=1&sub=&name=Download.zip&url=  (downloadsetup.exe)

The following 75 files have been seen to comunicate with 35234.getfl.net in live environments.

TCP » 72.52.4.120:80
kb799693963.exe

TCP » 72.52.4.120:80
whAgent.exe (webHancer Customer Companion by webHancer)

TCP » 72.52.4.120:80
monhost.exe (monhost.exe by Vested Development, Inc)

TCP » 72.52.4.120:80
online-guardian-v2.0.9.exe

TCP » 72.52.4.120:80
winalert.exe

TCP » 72.52.4.120:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.52.4.120:80
guacuilanmog.exe

TCP » 72.52.4.120:80
cssrs.exe

TCP » 72.52.4.120:80
Alternative Flash Player Auto-Updater.exe (Flash Player Auto-Updater by Wecode.biz)

TCP » 72.52.4.120:80
adobe online.com

TCP » 72.52.4.120:80
hbpzabffmyx.exe

TCP » 72.52.4.120:80
onlineguardian-v2.exe

TCP » 72.52.4.120:80
apptrailers.exe

TCP » 72.52.4.120:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.52.4.120:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 72.52.4.120:80
updates.exe

TCP » 72.52.4.120:80
mirc.exe (mIRC by mIRC Co)

TCP » 72.52.4.120:80
csrss.exe

TCP » 72.52.4.120:80
photo.exe

TCP » 72.52.4.120:80
adobe online.com

 
Latest 20 of 82 files

URL:
http://35234.getfl.net/

Title:
“getfl.net -&nbspThis website is for sale! -&nbspgetfl Resources and Information.”

Description:
“This website is for sale! getfl.net is your first and best source for information about getfl. Here you will also find topics relating to issues of general interest. We hope you find what you are looking for!”

Web server:
Apache/2.2.22 (Debian)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.