home

clipgrab.de

Domain Information

Server location:
Berlin, Germany (DE)

ASN:
AS34011 DOMAINFACTORY domainfactory GmbH

Scanner detections:
Detections  (68% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/OpenCandy, Win32/OpenCandy (variant), Win32/OpenCandy.C potentially unsafe (variant), Win32/OpenCandy.A potentially unsafe (variant)
93.75%

Dr.Web
Adware.OpenCandy.39, Adware.OpenCandy.115, Threat.Undefined, Adware.OpenCandy.182
62.50%

Reason Heuristics
PUP.OpenCandy.Installer (L)
56.25%

AVG
Generic, AdLoad.OpenCandy
56.25%

Trend Micro House Call
Suspicious_GEN.F47V0723, Suspicious_GEN.F47V0730, Suspicious_GEN.F47V0826, Suspicious_GEN.F47V1115, Suspicious_GEN.F47V0128
37.50%

G Data
Win32.Application.OpenCandy
37.50%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
31.25%

McAfee
Artemis!67567471B8C9, Artemis!F82F230F8BB1, Artemis!BF53303433F0, Artemis!956FCC816641, Trojan.Artemis!6DA9DDBF1AA7
31.25%

Fortinet FortiGate
Riskware/OpenCandy
31.25%

NANO AntiVirus
Riskware.Win32.OpenCandy.dqxwfl, Riskware.Win32.OpenCandy.dyofpx, Riskware.Win32.OpenCandy.dzackp
25.00%

Avira AntiVirus
PUA/OpenCandy.Gen
25.00%

F-Prot
W32/OpenCandy.A2.gen, W32/OpenCandy.A.gen
18.75%

Agnitum Outpost
PUA.OpenCandy
12.50%

AhnLab V3 Security
PUP/Win32.OpenCandy
6.25%

Sophos
OpenCandy (PUA)
6.25%

The domain clipgrab.de has been seen to resolve to the following IP address.

109.239.49.192
vanbittern.com
February 2, 2014

File downloads found at URLs served by clipgrab.de.

0 / 68
http://clipgrab.de/.../clipgrab-3.5.6.exe  (d9118e009de3a5bf788b11161324b11d)

0 / 68
http://clipgrab.de/.../clipgrab-3.3.0.4.exe  (90e6b240835f5bae0d9961043914da6c)

12 / 68    (PUP)
http://clipgrab.de/.../clipgrab-3.5.6.exe  (clipgrab-3.5.5.exe)

0 / 68
http://clipgrab.de/.../clipgrab-3.4.7.exe  (62ff840849acbfd275d047624a660a83)

0 / 68
http://clipgrab.de/.../clipgrab-3.5.6.exe  (a11af8b8384093b0f83f5283cdd2068e)

8 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.5.5.exe  (be904b646761cc89c43fb5fdf7ca9c24)

9 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.5.2.exe  (260d050189dc276e6bc46142ae3e8417)

0 / 68
http://clipgrab.de/.../clipgrab-3.5.1.exe  (0ecffd582b42f6e52fdf473a6582534e)

9 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.11.exe  (956fcc81664158944e2705638e560dc0)

4 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.5.0.exe  (7dd024baddf37d4eeefc22982b52ca8f)

12 / 68    (PUP)
http://clipgrab.de/.../clipgrab-3.5.5.exe  (6da9ddbf1aa76cd950574e2b8e7a4303)

0 / 68
http://clipgrab.de/.../clipgrab-3.5.6.exe  (d11bcbb7978f8aa0bb9c2b4a2753dfb6)

8 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.5.6.exe  (ad6e5106a6489c1c07ec87a6c0985ee4)

4 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.5.1.exe  (0400c6ad1c93d19b2f3e177e409e5677)

6 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.9.exe  (bf53303433f0e97c45d1d2b202044529)

7 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.8.exe  (f82f230f8bb1d0e3c33993ee0d95e720)

7 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.2.0.10.exe  (clipgrab-3.4.8.exe)

5 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.7.exe  (67567471b8c9e6e9b0b326bb66c1ac99)

2 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.3.0.2.exe  (6cd78a64c53bbabb38b2f0679e01b516)

2 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.4.exe  (405a0a3c03865afed77a5505a91793c9)

4 / 68      (inconclusive)
http://clipgrab.de/.../clipgrab-3.4.4.exe  (3f3f629a8ee5d130704fb7f16e489512)

4 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.4.exe  (8e3d19f907dfb31cb27f0e4b465e383e)

2 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.4.3.exe  (02e093cbee639f6addf94a947afa844e)

2 / 68      (PUP)
http://clipgrab.de/.../clipgrab-3.3.0.4.exe  (c409f92f9258974dbe4430f9c741e5ae)

The following file have been seen to comunicate with clipgrab.de in live environments.

TCP » 109.239.49.192:80
clipgrab.exe

February 2, 2014
download.clipgrab.de

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.