home

admin.0k8wezr.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain admin.0k8wezr.com is registered by proxy through NAME.COM, INC. and was originally registered in March of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Kirkland, Washington within the United States which resides on the eNom, Incorporated network.
Registrar:
NAME.COM, INC.

Server location:
Washington, United States (US)

Create date:
Tuesday, March 24, 2015

Expires date:
Friday, March 24, 2017

Updated date:
Friday, March 25, 2016

ASN:
AS21740 ENOMAS1 - eNom, Incorporated,US

Root domain:
0k8wezr.com

Whois:
1 0k8wezr.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bundler.Softpulse, PUP.Softpulse.DigitalPlugin.Bundler (M), PUP.Softpulse.DigitalP.Bundler (M)
100.00%

Dr.Web
Trojan.Domaiq.175
20.00%

Emsisoft Anti-Malware
Application.Bundler.SoftPulse.AE
20.00%

VIPRE Antivirus
Threat.4783235
20.00%

Lavasoft Ad-Aware
Application.Bundler.SoftPulse.P
20.00%

F-Secure
Riskware.Application.Bundler.SoftPulse
20.00%

Bkav FE
W32.HfsAdware
20.00%

MicroWorld eScan
Application.Bundler.SoftPulse.AE
20.00%

Malwarebytes
PUP.Optional.DigitalPlugin.C
20.00%

K7 AntiVirus
Adware
20.00%

Bitdefender
Application.Bundler.SoftPulse.P
20.00%

Avira AntiVirus
PUA/SoftPulse.J.1
20.00%

G Data
Application.Bundler.SoftPulse
20.00%

AhnLab V3 Security
Win-PUP/SoftPulse
20.00%

AVG
Generic
20.00%

The domain admin.0k8wezr.com has been seen to resolve to the following 2 IP addresses.

69.64.147.242
rc2.sjl01.dmtracker.com
April 4, 2016

5.135.246.48
April 17, 2015

File downloads found at URLs served by admin.0k8wezr.com.

1 / 68      (Adware)
http://admin.0k8wezr.com/_DgmjGSOFZdFdblwmHN-yE5acfTWFeJzGotUpZI--o_v6qH1M5Nh8P2tk8AsHF0ZoUwE-A0TB80EPE9ntrUIFfY3kP9dV9nmkAnrcKFVWKh5mQxuOL6pMpcKbSKhmO3hDflLT1IEe2i1j65YVycoRu2Ggzwuzj8ZA3y9AKqqY94yj3E4c5OLfFdzjWATCFdb  (google chrome.exe)

1 / 68      (Adware)
http://admin.0k8wezr.com/xzL0CXLrFr83CYn2sIu7v0ec50cmyOGvNP-PFVh-5UPXZlSBufuAnmQjSLi025mZIbC68abUUNKNsamjYhkuTYC9b4EoSdjgc8Y2vRuyHF2LPXr2oMOtzr7wjMvPDIFsZudmMF4gaNuXg4NqDT_HK4vDoK2KERKZsUAVgfAsdgsPkvQOEu0fMXnKjEtl7Gsn  (google chrome.exe)

1 / 68      (Adware)
http://admin.0k8wezr.com/iR1dTOimBf16Gc_XfELc4HMRrC366yE3SFl6B_a3pwlas03ev37d7nNPVFxyFKremrUlFk-zZrKboUqy3rJBogTRy_daTKpCsQd2Ov3G0YjkxCK6Xw_YJv-rcUqaUnerOn1Ke0cnPDHyTrUdNIsXwDtqT5eDBO0DeY0U45IxzYTI8uezpSKrc6h82SSxgQ-0  (google chrome.exe)

1 / 68      (Adware)
http://admin.0k8wezr.com/Xta7Lig-50oUsXY5CY9eOaEsEq_IN97cuf0gYkpjr56H-cAt8bEcnVTKtpi_dUCb4uuCT44C-eKMi9qd5s52pzlL12c6HXa-DwqD4ETWrbZeI48ESoBv3L3VmL4gKYzOR7rZFCmtGMd4XZNbRJuWU_4cMtUiYZKKji2tiMdZGgv3cc_HW0lqQfgNQd9yQurs  (google chrome.exe)

20 / 68    (Adware)
http://admin.0k8wezr.com/FrlEeW_AJfCDZwYYw9LVwZonGkF3w-vpVODSfkxhK8u13fRHCV--lye8nju0mAATSpMmPT4payW2tKwLDR2yaBYVzlQ2gTpap_t9gzfN77yOKOG5IgmnDpOzCF_hyXLg52YbxR01DIhHCKkuYMkiUnft6AsBKNeU0RCgNhVxe5EWRwNeNGMV3bNY3zZfJAHO  (google chrome.exe)

The following 35 files have been seen to comunicate with admin.0k8wezr.com in live environments.

TCP » 69.64.147.242:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
PopiTV.exe (PopiTV)

TCP » 69.64.147.242:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 69.64.147.242:80
ContentSinder.exe (ContentSinder by ContentSinder Company)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 69.64.147.242:80
tmp197b.tmp.exe (HLClientUpdater by ECON)

TCP » 69.64.147.242:80
GenieCleanService.exe (Genie Cleaner by Oppoos.com)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 47 files

URL:
http://admin.0k8wezr.com/

Google Analytics:
UA-2249740

Title:
“0K8wezr.com”

Description:
“Find Cash Advance, Debt Consolidation and more at 0K8wezr.com. Get the best of Insurance or Free Credit Report, browse our section on Cell Phones or learn about Life Insurance. 0K8wezr.com is the site for Cash Advance.”

Web server:
Microsoft-IIS/8.5 (ASP.NET) (Version: 4.0.30319)

07zbu0gt6.com

08i8b4384.com

0g32br5rsg.com

0hnuuf2.com

0j2fxpvon.com

0nosjf31uh.com

0o99hbzi.com

0p78qfr8q7.com

0softwaredreams.com

0uezhjx.com

0vin60f6.com

0x1m8x59b.com

1-vinstaller.com

1000descargas.com

123-telecharger.com

18v3y9y0ob.com

1btvoy0pn.com

1mmkkv2sfi.com

1r2qzosuf.com

1sfrtvms6.com

1tvonline.net

2-vinstaller.com

225bkry1.com

22aaf3.com

27call.com

27q2gqueo.com

29u3wfmjg.com

2k18x8b34s.com

2m891odz.com

2rwofu74.com

30 of 685 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.