home

b4-31d2.kxcdn.com

proinity GmbH

Domain Information

The domain b4-31d2.kxcdn.com registered by proinity GmbH was initially registered in January of 2013 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Providence, Utah within the United States which resides on the Hosting Services, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Utah, United States (US)

Create date:
Wednesday, January 30, 2013

Expires date:
Monday, January 30, 2017

Updated date:
Wednesday, November 19, 2014

ASN:
AS32780 HOSTINGSERVICES-INC - Hosting Services, Inc., US

Root domain:
kxcdn.com

Whois:
1 kxcdn.com record

Scanner detections:
Detections  (78% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Amonetize.OpenSour.Installer.Meta (M), Threat.Win.Reputation.IMP, Adware.Amonetize (M)
57.14%

ESET NOD32
Win32/BitCoinMiner.BY potentially unsafe application
42.86%

McAfee
Program.Artemis!F2660856ABE2, Trojan.Artemis!0C64EE5ADAB2, Trojan.Artemis!7405414AEFC7
42.86%

Dr.Web
Detection.Undefined
42.86%

Norman
Gen:Variant.Application.BitcoinMiner.16, Zum.BitCoinMiner.1
28.57%

Emsisoft Anti-Malware
Gen:Variant.Application.BitcoinMiner.16
14.29%

Kaspersky
not-a-virus:RiskTool.Win32.BitCoinMiner
14.29%

The domain b4-31d2.kxcdn.com has been seen to resolve to the following 2 IP addresses.

207.244.77.134
hosted-by.Eqserver.com
July 3, 2016

107.182.231.101
usny01.proinity.net
June 4, 2016

File downloads found at URLs served by b4-31d2.kxcdn.com.

1 / 68      (PUP)
http://b4-31d2.kxcdn.com/B4.exe  (6160eefdfc1cd14e1234e88887791c6a)

0 / 68
http://b4-31d2.kxcdn.com/B4.exe  (ic-0.88c69e2cc78e7.exe)

3 / 68      (Malware)
http://b4-31d2.kxcdn.com/B4.exe  (38d.tmp)

4 / 68      (Malware)
http://b4-31d2.kxcdn.com/B4.exe  (vnl1.exe)

1 / 68      (Malware)
http://b4-31d2.kxcdn.com/B4.exe  (0d8b59278a517f2698e3e13f64a5e5d2)

0 / 68
http://b4-31d2.kxcdn.com/B4.exe  (8bfe5c3331510989280796490806c70b)

6 / 68      (PUP)
http://b4-31d2.kxcdn.com/B4.exe  (ic-0.e877a613d48d.exe)

1 / 68      (PUP)
http://b4-31d2.kxcdn.com/B4.exe  (ic-0.60852a874cf8cc.exe)

1 / 68      (PUP)
http://b4-31d2.kxcdn.com/B4.exe  (cpuminer.exe)

The following 9 files have been seen to comunicate with b4-31d2.kxcdn.com in live environments.

TCP » 107.182.231.101:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 107.182.231.101:443
crossbrowse.exe (Crossbrowse)

TCP » 207.244.77.134:80
apptrailers.exe

TCP » 207.244.77.134:443
browser.exe (speed browser by Fast Applications)

TCP » 107.182.231.101:443
online-guardian-v2.exe

TCP » 107.182.231.101:80
online-guardian-v2.0.9.exe

TCP » 207.244.77.134:443
apptrailers.exe

TCP » 107.182.231.101:443
installer.exe (15R8T by 15R8TC@PQ)

TCP » 107.182.231.101:80
dbupdater.exe

TCP » 207.244.77.134:443
genieutils.exe

URL:
http://b4-31d2.kxcdn.com/

SSL certificate subject:
CN=*.kxcdn.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
keycdn-engine

4kdownload.com

adtoox.com

blackchippoker.eu

blumentals.net

celestialuna.com

cofeshow.com

downloadpangu.org

ej-technologies.com

f-static.com

izabelcoin.com

melodics.com

phbot.org

propersoft.net

spacecad.com

stary3d.com

tabulatouch.com

virtualplaytable.com

abtemplates.com

acraffiliates.com

advanceduninstaller.com

bunk1.com

comicartfans.com

fonearena.com

gdgsoft.com

icons8.com

linkscountryclub.com

tinyumbrella.org

wikidsystems.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.