bamba.theplaora.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain bamba.theplaora.com is registered by proxy through ENOM, INC. and was originally registered in November 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Sherman Oaks, California, United States, on the Unitas Global LLC network.
Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Thursday, November 20, 2014

Expires date:
Sunday, November 20, 2016

Updated date:
Wednesday, November 18, 2015

ASN:
AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US

Root domain:

Scanner detections:
Detections  (56% detected)

Scan engine (detection rate): detections

Baidu Antivirus (43.59%): Adware.Win32.PicColor, PUA.Win32.Generik, Adware.Win32.CouponMarvel, Adware.Win32.Conduit

Trend Micro House Call (38.46%): TROJ_GEN.R0EAH09BD15, TROJ_GEN.R08NH09C815, Suspicious_GEN.F47V0405, Suspicious_GEN.F47V0222, Suspicious_GEN.F47V0526, Suspicious_GEN.F47V0527

Emsisoft Anti-Malware (35.90%): Gen:Variant.Adware.Graftor.171744, Gen:Variant.Jaik.6148, Gen:Variant.Graftor.177544, Gen:Variant.Graftor.178044, Trojan.GenericKD.2177847, Application.Agent.JN, Application.Generic.1543530, Application.Generic.1559169

ESET NOD32 (33.33%): Win32/Adware.PicColor.L application, Win32/Adware.PicColor.Q application, multiple threats, Win32/Adware.CouponMarvel.E application, Win32/Adware.PicColor.Z application

ESET NOD32 (33.33%): Win32/Adware.PicColor (variant), Generik.CSUXREI potentially unwanted (variant), Win32/Adware.CouponMarvel, Win32/Adware.CouponMarvel (variant)

VIPRE Antivirus (30.77%): Threat.4150696, Threat.5217618, Trojan.Win32.Generic, Conduit

IKARUS anti.virus (30.77%): Trojan.SuspectCRC, PUA.CouponMarvel, PUA.ClientConnect

Fortinet FortiGate (25.64%): Riskware/PicColor, Riskware/CouponMarvel, Riskware/Conduit_SearchProtect

Microsoft Security Essentials (25.64%): Threat.Undefined

MicroWorld eScan (23.08%): Gen:Variant.Adware.Graftor.171744, Gen:Variant.Jaik.6148, Gen:Variant.Graftor.177544, Gen:Variant.Graftor.178044, Trojan.GenericKD.2177847, Gen:Variant.Adware.Graftor.189558

G Data (23.08%): Gen:Variant.Adware.Graftor.171744, Gen:Variant.Jaik.6148, Gen:Variant.Graftor.177544, Gen:Variant.Graftor.178044, Trojan.GenericKD.2177847

Bitdefender (20.51%): Gen:Variant.Adware.Graftor.171744, Gen:Variant.Jaik.6148, Gen:Variant.Graftor.177544, Gen:Variant.Graftor.178044, Trojan.GenericKD.2177847

F-Secure (17.95%): Gen:Variant.Adware.Graftor.171744, Gen:Variant.Jaik.6148, Gen:Variant.Graftor.177544, Trojan.GenericKD.2177847, Gen:Variant.Application.Kazy

Reason Heuristics (17.95%): Threat.Win.Reputation.IMP, PUP.OutBrowse (M), PUP.Conduit.Installer

avast! (17.95%): Win32:Adware-gen [Adw], Dropper-gen [Drp], Win32:Conduit-B [PUP], Win32:Malware-gen

The domain bamba.theplaora.com has been seen to resolve to the following address.

192-124-232-198.static.unitasglobal.net
February 6, 2016

File downloads found at URLs served by bamba.theplaora.com.

0 / 68
http://bamba.theplaora.com/LolliScan/.../Setup.exe  (6273075785810ea4c7f3107bc810fafa)

7 / 68      (Malware)

0 / 68
http://bamba.theplaora.com/SecurityUtility/.../Setup.exe  (fe77fce25d216a282414522812fc1c43)

5 / 68      (PUP)

5 / 68      (Malware)
http://bamba.theplaora.com/FlashBeat/.../Setup.exe  (9bd3415e696b7889e27e5944b175542c)

3 / 68      (PUP)

0 / 68
http://bamba.theplaora.com/FlashBeat/.../Setup.exe  (4726c7f24b91847c7df89983c4849e0b)

5 / 68      (PUP)
http://bamba.theplaora.com/SecurityUtility/.../Setup.exe  (ae7942ea477532aaf2e3e01a3e446e31)

8 / 68      (PUP)

7 / 68      (PUP)

0 / 68
http://bamba.theplaora.com/LolliScan/.../Setup.exe  (3f3009ec7249e7b8bb025bd1c56e7e64)

0 / 68
http://bamba.theplaora.com/FlashBeat/.../Setup.exe  (6e89b4d81ac9bbeb90454e43bb25209f)

6 / 68      (PUP)
http://bamba.theplaora.com/Kikblaster/.../Setup.exe  (59ac0ae678a5fafa7d00c6047071cbc8)

The following 41 files have been seen to communicate with bamba.theplaora.com in live environments.

URL:
http://bamba.theplaora.com/

Web server:
NetDNA-cache/2.2