The domain ad.propellerads.com is registered by proxy through GODADDY.COM, LLC and was originally registered in May 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Utrecht, Netherlands, on the RIPE Network Coordination Centre network.
Registrant: Domains By Proxy, LLC
Registrar: GODADDY.COM, LLC
Server location: Utrecht, Netherlands (NL)
Create date: Wednesday, May 25, 2011
Expires date: Friday, May 25, 2018
Updated date: Friday, August 21, 2015
ASN: AS35415 WEBAZILLA Webazilla B.V.
Scanner detections:
Detections (100% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.Amonetizeltd.a, PUP.Installer.Amonetizeltd.EE, PUP.Installer.Amonetizeltd.e, PUP.Wilmaonline.q, PUP.Installer.ShetefSolutionsConsulting1998.d, PUP.ExtendedSetup.c, PUP.PCFaster (L), Adware.Amonetize.Bundler (M), Threat.Win.Reputation.IMP, PUP.Amonetize.Bundler (M), PUP.installCore.WorldSet (M), PUP.Tuguu.Bundler (M), PUP.Adknowledge.FUSIONIN.Bundler (M), PUP.Amonetize.TEHSNABS.Bundler (M), PUP.Tuguu.Awimba.Bundler (M), PUP.installCore.Extended (M), PUP.TIMP.OOOTIMP1.Bundler (M), PUP.Tuguu.Cloverme.Bundler (M), PUP.Tuguu.LunacomI.Bundler (M), Adware.Amonetize.Installer.Installer.Meta (M) | 97.73%
Malwarebytes | PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize.A, PUP.Optional.InstallCore | 50.00%
ESET NOD32 | Win32/Amonetize (variant), Win32/Amonetize.AI (variant), Win32/Amonetize.AG (variant), Win32/Amonetize.AJ (variant), Win32/InstallCore.IS (variant) | 47.73%
Avira AntiVirus | Adware/Amonetize.E.1, APPL/Amonetize.A, ADWARE/Adware.Gen2, ADWARE/InstallCore.Gen7 | 45.45%
Trend Micro House Call | TROJ_GEN.F47V1118, TROJ_GEN.F47V1108, TROJ_GEN.F47V1114, TROJ_GEN.F47V0918, TROJ_GEN.F47V1029, TROJ_GEN.F47V0313, TROJ_GEN.F47V0304 | 43.18%
VIPRE Antivirus | Amonetize, Trojan.Win32.Generic, InstallCore | 43.18%
Sophos | Amonetize, Install Core Click run software | 40.91%
McAfee | Artemis!D9450DCB35E7, Artemis!0809F462F8DF, Artemis!61694A9BADE3, Artemis!EED95BD36931, Artemis!81BA3E147029, Artemis!37D9CDC1A4B3, Artemis!AC04B4FDAB43, PUP-FBM!EC904BB78BBD, PUP-FBM!8888DD336443, Artemis!B260F8AA3973, Artemis!373DB4089762 | 38.64%
Dr.Web | Adware.Downware.1729, Adware.Downware.1643, Adware.Downware.1339, Adware.Downware.1528, Adware.Downware.1575, Adware.Downware.2467 | 38.64%
AhnLab V3 Security | PUP/Win32.Amonetiz | 36.36%
AVG | Skodna.Generic_c, MalSign.Generic, MalSign.Wilmo, Generic_r, MalSign.InstallC | 31.82%
avast! | Win32:Amonetize-N [PUP], Win32:Amonetize-M [PUP], Win32:Amonetize-AK [PUP], Win32:Amonetize-AM [PUP], Win32:Amonetize-Y [PUP] | 29.55%
Baidu Antivirus | Adware.Win32.Amonetize, PUA.Win32.Amonetize | 27.27%
Fortinet FortiGate | Riskware/Amonetize, Adware/Amonetize, Riskware/InstallCore, MSIL/Kryptik.NM!tr | 25.00%
Qihoo 360 Security | Win32/Virus.Adware.932, HEUR/Malware.QVM20.Gen | 25.00%
The domain ad.propellerads.com has been seen to resolve to the following 9 IP addresses.
v-2-do15-d1260-205.webazilla.com, June 21, 2014
v-2-eu22-d951-46.webazilla.com, December 22, 2013
v-2-do13-d1175-109.webazilla.com, December 22, 2013
File downloads found at URLs served by ad.propellerads.com.
Latest 30 of 100 download URLs
The following 7 files have been seen to communicate with ad.propellerads.com in live environments.
URL: http://ad.propellerads.com/
Description: “Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.”
SSL certificate subject: CN=*.propellerads.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)15, OU=GT65295266
SSL certificate issuer: CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US
Facebook:
Likes: 9,224,062
Shares: 10,272,140
Comments: 2,319,501
Statistics are for the previous month.