feidowns.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain feidowns.com is registered by proxy through ENOM, INC. and was originally registered in April of 2014. This domain has been known to host various forms of malware. Its servers are located in Phoenix, Arizona, in the United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse proxy IP addresses (see below).

Registrar: ENOM, INC.
Server location: Arizona, United States (US)
Create date: Sunday, April 27, 2014
Expires date: Wednesday, April 27, 2016
Updated date: Thursday, July 16, 2015
ASN: AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Google Safe Browsing: unwanted
Scanner detections: Malware distribution (93% detected)

| Scan engine | Details | Detections |
|---|---|---|
| avast! | Win64:Malware-gen, Win32:Agent-AWTD [Trj], Win32:Malware-gen, GenMaliciousA-ATC [Trj], Win32:Vitro | 100.00% |
| McAfee | Artemis!04A62FC93A99, Artemis!45FA642AFF7C, RDN/Generic PUP.z!ei, RDN/Generic PWS.y!bdk, Artemis!2A4694C343E4, Artemis!CE947D4F5FA7 | 85.71% |
| Emsisoft Anti-Malware | Adware.Generic.1007001, Trojan.Generic.12254270, Gen:Variant.Kazy.540877, Gen:Variant.Kazy.541895, Trojan-Dropper.Win32.Dapato, Win32.Virtob.Gen.12 | 78.57% |
| MicroWorld eScan | Adware.Generic.1007001, Trojan.Generic.12240864, Trojan.Generic.12254270, Gen:Variant.Kazy.540877, Gen:Variant.Kazy.541895, Trojan.GenericKD.2101646, Gen:Variant.Zusy.95379, Gen:Trojan.Heur2.JP.IuZ@auFl78k | 71.43% |
| Trend Micro House Call | TROJ_SPNR.11IN14, Suspicious_GEN.F47V1201, TROJ_GEN.R021C0EA115, TROJ_SPNR.3ABF15, TROJ_SPNR.11AP15, TROJ_GEN.R02KH05E715 | 71.43% |
| Kaspersky | HackTool.Win64.BitCoinMiner, Trojan-PSW.Win32.Agent, Trojan-Downloader.MSIL.Agent, Backdoor.Win32.Agent, Trojan.Win32.Dynamer | 71.43% |
| Bitdefender | Adware.Generic.1007001, Trojan.Generic.12240864, Trojan.Generic.12254270, Gen:Variant.Kazy.540877, Gen:Variant.Kazy.541895 | 71.43% |
| Agnitum Outpost | Riskware.Agent, Riskware.HackTool, Trojan.PWS.Agent, Backdoor.Agent, Trojan.DownLoader, Trojan.DL.Agent | 71.43% |
| Lavasoft Ad-Aware | Adware.Generic.1007001, Trojan.Generic.12240864, Trojan.Generic.12254270, Gen:Variant.Kazy.540877, Gen:Variant.Kazy.541895 | 71.43% |
| F-Secure | Adware.Generic.1007001, Trojan.Generic.12240864, Trojan.Generic.12254270, Gen:Variant.Kazy.540877, Gen:Variant.Kazy.541895 | 71.43% |
| G Data | Adware.Generic.1007001, Trojan.Generic.12240864, Trojan.Generic.12254270, Gen:Variant.Kazy.540877, Gen:Variant.Kazy.541895 | 71.43% |
| Panda Antivirus | Trj/CI.A, Generic Suspicious, Trj/Chgt.O | 71.43% |
| VIPRE Antivirus | Trojan.Win32.Generic, Trojan.Win32.Generic!SB.0 | 64.29% |
| ESET NOD32 | Win64/BitCoinMiner (variant), MSIL/ExtenBro.AK (variant), MSIL/TrojanDropper.Agent.BKZ, Win32/Regiskazi (variant), MSIL/TrojanClicker.Agent.NLU | 64.29% |
| IKARUS anti.virus | HackTool.Win64.BitCoinMiner, Trojan.MSIL.ExtenBro, Trojan.Win32.Regiskazi, Trojan-Downloader, Win32.SuspectCrc | 64.29% |

The domain feidowns.com has been seen to resolve to the following 3 IP addresses.

May 16, 2016

February 10, 2016

February 10, 2016

File downloads found at URLs served by feidowns.com.

8 / 68      (Infected)
http://feidowns.com/winsnr.exe  (655351bc4ebf632a17aaa16c1f6dd0c4)

30 / 68    (Malware)
http://feidowns.com/FlashPlayerUpdater.exe  (ce947d4f5fa7d68bd67716ee1853c91d)

29 / 68    (Malware)

0 / 68
http://feidowns.com/fei.exe  (winregissss.exe)

10 / 68    (Malware)
http://feidowns.com/allah.exe  (windowsstsart.exe)

10 / 68    (Malware)

17 / 68    (Malware)
http://feidowns.com/canabi.exe  (winregistorss.exe)

13 / 68    (Malware)
http://feidowns.com/feiallahliks.exe  (criticalsupdates.exe)

13 / 68    (Malware)
http://feidowns.com/qqweqw.exe  (criticalsupdates.exe)

24 / 68    (Malware)

33 / 68    (Malware)
http://feidowns.com/winfpe.exe  (4a910aee3dcfea1b6c9b6f2df5e987de)

4 / 68      (Malware)

13 / 68    (Malware)
http://feidowns.com/winsnrs.exe  (criticalsupdates.exe)

22 / 68    (PUP)

23 / 68    (PUP)
http://feidowns.com/641.exe  (winsetupt.exe)

23 / 68    (PUP)
http://feidowns.com/642.exe  (winsetupt.exe)

20 / 68    (Malware)