» dl.safemonitorapp.com
Overview
Analysis
IPs Addresses (186)
Downloads (50)
Network (168)
Website Detail
Related Domains (4)

dl.safemonitorapp.com

WebAppTech Coding LLC (via a Proxy Registrant)

Domain Information

The domain dl.safemonitorapp.com is registered by proxy through GODADDY.COM, LLC and was originally registered in January of 2013. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below). The domain is associated with the publisher WebAppTech Coding LLC who is located in Grandville, Michigan in the United States.

Registrant:

Domains By Proxy, LLC on behalf of WebAppTech Coding LLC

Registrar:

GODADDY.COM, LLC

Server location:

Virginia, United States (US)

Create date:

Saturday, January 19, 2013

Expires date:

Thursday, January 19, 2017

Updated date:

Wednesday, January 20, 2016

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

safemonitorapp.com

Whois:

3 safemonitorapp.com records

Scanner detections:

Detections (96% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Installer.WesternWebApplications.F, PUP.Installer.WebAppTechCoding.F, PUP.LionSea.LionSeaS.Installer (M), PUP.Installer.WebAppTechCoding.I, DownloadManager.AirSoftware.F, PUP.Installer.Injekt, PUP.Injekt.WesternWebApplications.Installer (M), PUP.Injekt.WesternW.Installer (M), PUP.Softpulse (M)

97.92%

Dr.Web

Adware.Plugin.36, riskware program Program.Unwanted.79, is riskware program Program.Unwanted.79, Trojan.SMSSend.4766, infected with Trojan.Yontoo.2143

72.92%

VIPRE Antivirus

SearchDonkey, Injekt, Iminent, Threat.4784449

70.83%

ESET NOD32

Win32/ExFriendAlert (variant), MSIL/Adware.PullUpdate

56.25%

Trend Micro House Call

TROJ_GEN.F47V0601, TROJ_FAKEAV.BMC, TROJ_GE.269D89E4, TROJ_GE.7B758086, TROJ_GEN.F47V0324, TROJ_GE.0C72B010, TROJ_GEN.F47V1115, TROJ_GEN.F47V0603, TROJ_GE.CFFE2CD1, TROJ_GEN.F47V0623

43.75%

Malwarebytes

Trojan.Agent.HE, Adware.SaMon, PUP.Optional.Conduit.A, PUP.Optional.AirInstaller, PUP.Optional.SafeMonitor.A

41.67%

McAfee

Artemis!746F02AD95F1, Artemis!C2B4BC7A8347, Artemis!913B2DA85CD4, Artemis!B7689FE1B383, Artemis!5A7E0A5F30C1, Artemis!8E01FFB62C72, Artemis!BD101DACC599, Artemis!5DF05C1AE745, Artemis!B76C76ABE40E, Artemis!72CB9F4C5846, Artemis!311C6C38DBF2

31.25%

Comodo Security

Heur.Suspicious, ApplicUnwnt, Application.Win32.AirAdInstaller.A

31.25%

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h, TScope.Trojan.MSIL, AdWare.SaMon, AdWare.AirAdInstaller.ajov

29.17%

Agnitum Outpost

Riskware.Agent, PUA.PullUpdate, PUA.AirAd

29.17%

avast!

Win32:BHO-AMO [PUP], JS:BHO-O [PUP], JS:BHO-N [PUP], Adware-gen [Adw]

27.08%

IKARUS anti.virus

AdWare.Win32.ExFriendAlert, not-a-virus:AdWare.Win32.SaMon, AdWare.Agent, Win32.AdWare, PUA.ExFriendAlert, AdWare.MSIL.PullUpdate

25.00%

Kaspersky

not-a-virus:AdWare.Win32.SaMon, not-a-virus:AdWare.Win32.AirAdInstaller

12.50%

Sophos

Generic PUA BJ, Generic PUA KJ, Generic PUA HC, AirInstaller, PUA 'OpenCandy'

12.50%

K7 AntiVirus

Unwanted-Program , Trojan

12.50%

The domain dl.safemonitorapp.com has been seen to resolve to the following 186 IP addresses.

52.84.125.252

server-52-84-125-252.iad16.r.cloudfront.net

September 3, 2016

52.84.125.230

server-52-84-125-230.iad16.r.cloudfront.net

September 3, 2016

52.84.125.214

server-52-84-125-214.iad16.r.cloudfront.net

September 3, 2016

52.84.125.110

server-52-84-125-110.iad16.r.cloudfront.net

September 3, 2016

52.84.125.102

server-52-84-125-102.iad16.r.cloudfront.net

September 3, 2016

52.84.125.56

server-52-84-125-56.iad16.r.cloudfront.net

September 3, 2016

52.84.125.27

server-52-84-125-27.iad16.r.cloudfront.net

September 3, 2016

52.84.125.16

server-52-84-125-16.iad16.r.cloudfront.net

September 3, 2016

52.85.131.76

server-52-85-131-76.iad53.r.cloudfront.net

July 19, 2016

52.85.131.62

server-52-85-131-62.iad53.r.cloudfront.net

July 19, 2016

52.85.131.29

server-52-85-131-29.iad53.r.cloudfront.net

July 19, 2016

52.85.131.243

server-52-85-131-243.iad53.r.cloudfront.net

July 19, 2016

52.85.131.242

server-52-85-131-242.iad53.r.cloudfront.net

July 19, 2016

52.85.131.206

server-52-85-131-206.iad53.r.cloudfront.net

July 19, 2016

52.85.131.185

server-52-85-131-185.iad53.r.cloudfront.net

July 19, 2016

52.85.131.142

server-52-85-131-142.iad53.r.cloudfront.net

July 19, 2016

52.85.142.249

server-52-85-142-249.iad12.r.cloudfront.net

May 28, 2016

52.85.142.108

server-52-85-142-108.iad12.r.cloudfront.net

May 24, 2016

52.85.142.64

server-52-85-142-64.iad12.r.cloudfront.net

May 24, 2016

52.85.142.50

server-52-85-142-50.iad12.r.cloudfront.net

May 24, 2016

52.85.142.254

server-52-85-142-254.iad12.r.cloudfront.net

May 24, 2016

52.85.142.244

server-52-85-142-244.iad12.r.cloudfront.net

May 24, 2016

52.85.142.128

server-52-85-142-128.iad12.r.cloudfront.net

May 24, 2016

52.85.142.122

server-52-85-142-122.iad12.r.cloudfront.net

May 24, 2016

52.85.142.89

server-52-85-142-89.iad12.r.cloudfront.net

April 21, 2016

52.85.142.81

server-52-85-142-81.iad12.r.cloudfront.net

April 21, 2016

52.85.142.47

server-52-85-142-47.iad12.r.cloudfront.net

April 21, 2016

52.85.142.43

server-52-85-142-43.iad12.r.cloudfront.net

April 21, 2016

52.85.142.14

server-52-85-142-14.iad12.r.cloudfront.net

April 21, 2016

52.85.142.201

server-52-85-142-201.iad12.r.cloudfront.net

April 21, 2016

Showing 30 of 186 IP Addresses

File downloads found at URLs served by dl.safemonitorapp.com.

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/50000001/.../Setup.exe (0ce925eac360e3cf3b266d51c80e93b0)

15 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/590/.../Setup.exe (86f372127f7dab8895859f2e203bb5c4)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/590/.../Setup.exe (8c6bdb141776d75fcea187f150a4a238)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/53901/.../Setup.exe (fa64edf2dfc4d638ce9e1215c5625d4a)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/53401/.../Setup.exe (21c0c2d18b891fd0edea85ccf71d15dc)

4 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/590/.../Setup.exe (9d00d278f2587b318815ebdc121bb5f2)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/591/.../Setup.exe (8c55bed0656f8b9f2fb0254c01b57de1)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/591/.../Setup.exe (6dd4457a48de5b12eec6d685cf1b8d5f)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/566/.../Setup.exe (311c6c38dbf2c027aee70722f4f0f7a1)

5 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/568/.../Setup.exe (ad52322f8f2a05b5b47b23543f6f7bf1)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/19701/.../Setup.exe (70f4df4c40167a8db182a7e8fa1eedaf)

4 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/478/.../Setup.exe (ce4533e230ee96e57183a598518d9be0)

0 / 68

http://dl.safemonitorapp.com/SafeMonitor/595/.../Setup.exe (58b1e8d01eae801fd4a2f1f72b43e4ed)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/597/.../Setup.exe (55c533b90dc04afb236b416dfc8b2a60)

3 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/54401/.../Setup.exe (0044989919507010c2c8ff728910e98c)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/1314/.../Setup.exe (ba1d5b143b30fcc1325490482f76b6f7)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/920/.../Setup.exe (ff633c32a9d751a86f14957328c80de4)

10 / 68 (PUP)

http://dl.safemonitorapp.com/SafeMonitor/54301/.../Setup.exe (cfc999d04b54d5f13254fd49684e3118)

1 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/566/.../Setup.exe (d449f6103f1b6f26874b21d519d32c8c)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/50000000/.../Setup.exe (b76c76abe40ef08c13544d759331d93c)

2 / 68 (PUP)

http://dl.safemonitorapp.com/SafeMonitor/54501/.../Setup.exe (5a9ce4b834f114069fda6ba086324970)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/596/.../Setup.exe (5df05c1ae745d10082c75ca06c227dfa)

17 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/21202/.../Setup.exe (4c7340ce763603ae10c10c28c7e62b82)

19 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/20101/.../Setup.exe (cf83e95296eec00ec962b130046eb1c5)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/1319/.../Setup.exe (6c42b2d1910f83da2cf7a4d994dc3744)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/1315/.../Setup.exe (bcff266c0903c8361acb85e0b9a57dcd)

11 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/1312/.../Setup.exe (74bc6bde3c095e2621dc46e07e1ae01b)

14 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/54701/.../Setup.exe (cea5f1663468db64ac5b9cd082dcc799)

13 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/53801/.../Setup.exe (a52407612c125cba37208a668e315265)

8 / 68 (Adware)

http://dl.safemonitorapp.com/SafeMonitor/53501/.../Setup.exe (dc1ce1aee8733bc215fb33681d004225)

Latest 30 of 50 download URLs

The following 168 files have been seen to comunicate with dl.safemonitorapp.com in live environments.

TCP » 54.192.192.116:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.55.201:80

uvconverter.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 54.192.195.11:443

onlineguardian-v2.exe

TCP » 52.85.142.108:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.55.28:80

yacqq.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 52.85.142.14:443

browser.exe (Browser)

TCP » 52.84.125.110:443

client.exe (ClientWrapper)

TCP » 54.230.51.211:443

1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.85.142.14:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.50:443

browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.192.55.28:80

saber.exe

TCP » 52.85.142.201:443

browser.exe (Browser)

TCP » 52.85.142.108:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.192.110:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.230.51.211:443

new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.85.142.161:80

new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.55.28:80

saber.exe

TCP » 52.84.125.252:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.131.106:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.85.142.201:443

apptrailers.exe

Latest 20 of 285 files

URL:

http://dl.safemonitorapp.com/

Title:

“SafeMonitor Site”

Network:

Amazon Cloudfront

Web server:

AmazonS3

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.