bf.softobase.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain bf.softobase.com is registered by proxy through ENOM, INC. and was originally registered in April 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The servers hosting it are located in Gunzenhausen, Bayern, Germany, in IP address space administered by the RIPE Network Coordination Centre.

Registrar:
ENOM, INC.

Server location:
Bayern, Germany (DE)

Create date:
Wednesday, April 18, 2012

Expires date:
Sunday, April 18, 2021

Updated date:
Friday, March 25, 2016

ASN:
AS24940 HETZNER-AS Hetzner Online AG,DE

Root domain:

Scanner detections:
Detections  (74% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.OpenCandy (M), Adware.InstallAssistant, Threat.Win.Reputation.IMP, PUP.InstallCore.RuslanBo (M), Win32.Generic
43.75%

ESET NOD32
Win32/OpenCandy.C potentially unsafe (variant), Win32/Softobase.D potentially unwanted
37.50%

Kaspersky
not-a-virus:HEUR:Downloader.NSIS.SoftBase
31.25%

Baidu Antivirus
PUA.Win32.Softobase
25.00%

AhnLab V3 Security
PUP/Win32.Softobase
18.75%

Panda Antivirus
Generic Suspicious, Trj/CI.A
18.75%

K7 AntiVirus
Unwanted-Program, Adware
18.75%

NANO AntiVirus
Riskware.Nsis.Downware.dvdoyv, Riskware.Nsis.Downware.dtcclx
18.75%

Clam AntiVirus
Win.Trojan.Agent-906217
18.75%

VIPRE Antivirus
Trojan.Win32.Generic
18.75%

McAfee
RDN/Generic PUP.z!gu, Artemis!6EFCCE5A9089
18.75%

Rising Antivirus
PE:Trojan.Win32.FakeAV.bsj!1075358218, NS:PUF.SilenceInstaller!1.9DDF
12.50%

Dr.Web
Adware.OpenCandy.147, Detection.Undefined
12.50%

Trend Micro House Call
TROJ_GEN.R00UH07FE15, Suspicious_GEN.F47V0517
12.50%

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen, Win32/Virus.Downloader.d3a
12.50%

The domain bf.softobase.com has been seen to resolve to the following 3 IP addresses.

static.158.40.63.178.clients.your-server.de
July 12, 2015

85-10-200-21.clients.your-server.de
July 12, 2015

static.85-10-196-94.clients.your-server.de
July 12, 2015

File downloads found at URLs served by bf.softobase.com.

2 / 68      (PUP)
http://bf.softobase.com/.../sTabLauncher_downloader.exe  (05395cb9dd64f3c3ade66961d621795f)

5 / 68      (PUP)
http://bf.softobase.com/.../MuseScore_downloader.exe  (6efcce5a90897b864f12157761b7a569)

1 / 68      (PUP)
http://bf.softobase.com/.../GameMaker_downloader.exe  (162469abea4147d7a4b205a1e955832b)

2 / 68      (PUP)
http://bf.softobase.com/.../DVDStyler_downloader.exe  (5e6422f3cac24078bbe5eaaf8435323d)

13 / 68    (PUP)
http://bf.softobase.com/.../Widcomm_downloader.exe  (813271917f12e0fe47f9eec2f2baa114)

1 / 68      (PUP)
http://bf.softobase.com/.../CStudio_downloader.exe  (a0017a6456074b226c2512342e5f3753)

0 / 68

1 / 68      (Malware)

1 / 68      (PUP)
http://bf.softobase.com/.../DlinnyeNardy_downloader.exe  (20598976beef8ae67a766bb620e47b0d)

0 / 68
http://bf.softobase.com/A9CAD.exe  (a9cad_2.2.1(dobreprogramy.pl).exe)

2 / 68      (PUP)
http://bf.softobase.com/DlinnyeNardy.exe  (028218f0928eb7b08848442f98531e6a)

1 / 68      (Malware)

14 / 68    (PUP)
http://bf.softobase.com/.../Recuva_downloader.exe  (d8b1a8b67bf08fc1565032b7ab82d080)

1 / 68
http://bf.softobase.com/Sdbf.exe  (2133b45b714cb9123d842940cd98afc9)

3 / 68      (PUP)
http://bf.softobase.com/DriverMax.exe  (drivermax_7_61_cnet.exe)

9 / 68      (PUP)
http://bf.softobase.com/.../NWorx-x64_downloader.exe  (97175dbb6fc14a6579149935df84e08d)

7 / 68      (PUP)
http://bf.softobase.com/.../OpenFreely_downloader.exe  (f7e06596e24fc555ac43a8a1985d65f4)

The following 7 files have been seen to communicate with bf.softobase.com in live environments.

URL:
http://bf.softobase.com/

Web server:
nginx/1.8.0