freempr9.softsofast.com

Only contact by email, all postal mail will be rejected  (Proxy Registrant)

Domain Information

The domain freempr9.softsofast.com is registered by proxy through SOLUCIONES CORPORATIVAS IP,SLU and was originally registered in September of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Madrid, Spain, on the RIPE Network Coordination Centre network.

Registrar:
SOLUCIONES CORPORATIVAS IP,SLU

Server location:
Madrid, Spain (ES)

Create date:
Thursday, September 11, 2014

Expires date:
Friday, September 11, 2015

Updated date:
Thursday, September 11, 2014

Root domain:

Scanner detections: 100% detected

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.VittaliaInternetSL.CC, PUP.Zoobam.CC, PUP.Zoobam.e, PUP.Tightrope.Bundler, PUP.AstroDeliveryFriedCookie.CC, PUP.Installer.DownloadAssistant.e, PUP.Installer.Air Software, PUP.Bundler.Vittalia, PUP.Vittalia.VittaliaInternetSL.Bundler (M), PUP.InstallCore.Installer (M), PUP.Air Software.DownloadAssistant.Bundler (M), PUP.Tightrope.Statscom.Bundler (M), PUP.Air Software.Download.Bundler (M), PUP.Vittalia.Bundler (M), PUP.InstallCore.FC (M), PUP.Tightrope.Sanflex.Bundler (M), PUP.Tightrope.Zoobam.Bundler (M), PUP.Tightrope (M) | 96.30% |
| VIPRE Antivirus | Adware.InstallCore, DownloadAdmin, Threat.4783369, Trojan.Win32.Generic, Threat.4782985, Threat.5063361 | 51.85% |
| Malwarebytes | PUP.Optional.Vittalia, PUP.Optional.DownloadAdmin, PUP.Optional.FriedCookie, PUP.Optional.DownloadAssistant, PUP.Optional.InstallCore | 48.15% |
| AVG | Generic | 48.15% |
| Sophos | Generic PUA CH, Generic PUA MP, DownloadAdmin, AirInstaller, Generic PUA NI, PUA 'AirInstaller', PUA 'Install Core Click run software' | 44.44% |
| K7 AntiVirus | Unwanted-Program, Trojan | 40.74% |
| Dr.Web | Trojan.Packed.28459, Adware.Downware.2220, Trojan.InstallCore.15, Adware.Conduit.170, Trojan.Vittalia.2 | 40.74% |
| Avira AntiVirus | ADWARE/InstallCore.Gen9, ADWARE/Adware.Gen, Adware/InstallCore.rfpa, APPL/Downloader.Gen | 40.74% |
| ESET NOD32 | Win32/InstallCore.QH (variant), Win32/DownloadAdmin (variant), Win32/InstallCore.QW (variant), Win32/InstallCore.QF (variant) | 33.33% |
| Agnitum Outpost | Riskware.Agent, PUA.InstallCore | 29.63% |
| G Data | Application.Bundler.GA, Win32.Application.DownloadAdmin, Application.Bundler.FX, Win32.Application.InstallCore.CM, Application.Bundler.KJ | 29.63% |
| Fortinet FortiGate | Riskware/InstallCore, Riskware/DownloadAdmin | 25.93% |
| Baidu Antivirus | Adware.Win32.Bbylon, Adware.Win32.DownloadAdmin, Adware.Win32.InstallCore, Trojan.Win32.Addrop | 25.93% |
| NANO AntiVirus | Riskware.Win32.Conduit.dhhkky, Riskware.Win32.InstallCore.dimyzq, Riskware.Win32.Downware.djahkt, Trojan.Nsis.Downloader.dqlxfr | 25.93% |
| F-Prot | W32/InstallCore.AC.gen, W32/A-9949dfbf, W32/A-cd1300c2, W32/InstallCore.AG.gen, W32/S-92ce39bf | 22.22% |

The domain freempr9.softsofast.com has been seen to resolve to the following 2 IP addresses.

October 24, 2014

October 24, 2014

File downloads found at URLs served by freempr9.softsofast.com.

1 / 68      (Adware)

1 / 68      (Adware)

12 / 68    (Adware)

12 / 68    (Adware)

16 / 68    (Adware)
http://freempr9.softsofast.com/.../download?p=REVENUE&trckid=007450526014508588355  (icreinstall_installer_adobe_flash_player_english.exe)

27 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

13 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

24 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

17 / 68    (PUP)

18 / 68    (Adware)

13 / 68    (Adware)

The following files have been seen to communicate with freempr9.softsofast.com in live environments.

URL:
http://freempr9.softsofast.com/

Web server:
nginx/1.1.19 (PHP/5.3.10-1ubuntu3.9)