home

home-roll.info

Nick Perardi

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GoDaddy.com, LLC (R171-LRMS)

Server location:
Arizona, United States (US)

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Whois:
2 home-roll.info records

Scanner detections:
Detections  (61% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Win.Reputation, PUP.Appknowledge.K, PUP.Appknowledge.Installer (M), PUP.Appknowl.Installer (M), PUP (M)
51.61%

Dr.Web
Trojan.DownLoader11.29667
41.94%

Kaspersky
not-a-virus:Downloader.NSIS.Agent
32.26%

VIPRE Antivirus
Threat.4150696
19.35%

Avira AntiVirus
TR/Dropper.Gen
9.68%

SUPERAntiSpyware
Trojan.Agent/Gen-Downloader
6.45%

AVG
Generic
6.45%

Clam AntiVirus
Win.Trojan.Outbrowse-259, Win.Adware.Agent-59030
6.45%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
3.23%

F-Secure
Application:W32/Generic.70053c248f!Online
3.23%

avast!
Malware-gen
3.23%

AegisLab AV Signature
Troj.BAT.BitCoinMiner
3.23%

NANO AntiVirus
Trojan.Nsis.Downloader.dsmwqn
3.23%

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
3.23%

The domain home-roll.info has been seen to resolve to the following 2 IP addresses.

50.63.202.54
ip-50-63-202-54.ip.secureserver.net
November 30, 2014

107.190.136.236
107-190-136-236.static.dimenoc.com
September 1, 2014

File downloads found at URLs served by home-roll.info.

0 / 68
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=102eda0aadd70106f11977b7bbedd9&affiliate_id=1050&offer_id=2541&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (7a2caf6fdb28b3d6742a380e0ab2fdeb)

0 / 68
http://home-roll.info/wrp/download.php?name=plantsvszombies&durl=http://freeinstall.org/ttrp.php?transaction_id=102e1a554d1e0913922498833cb434&affiliate_id=1214&offer_id=2503&name=PlantsVsZombies&exe=http://c572af6f.com/.../PlantsVsZombies.exe  (afb65c6ff85a74ba7ca9657a56e013e0)

1 / 68      (PUP)
http://home-roll.info/prwrp/.../GG8ICxpWXmI7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoDE5WDEYhFWA9NSxdSmYHAFJVfBltQktWbBF8CWU=  (javaupdate.exe)

3 / 68      (PUP)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://freeinstall.org/ttrp.php?transaction_id=1024e791a7a25797efd21257acf76c&affiliate_id=1050&offer_id=2549&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (f4087eb7bee4558349c86a9ebb296a95)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=youtubedownloader&durl=http://freeinstall.org/ttrp.php?transaction_id=1024e791a7a25797efd21257acf76c&affiliate_id=1050&offer_id=188&name=YoutubeDownloader&exe=http://c572af6f.com/.../YoutubeDownloader.exe  (c4c67a8666eb03b9204eb6a8dbe4187e)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=chrome&durl=http://freeinstall.org/ttrp.php?transaction_id=1024e791a7a25797efd21257acf76c&affiliate_id=1138&offer_id=196&name=Chrome&exe=http://c572af6f.com/.../Chrome.exe  (addc59e4bb17b842de038d1707a29806)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=1029b53b08516279ce5e7e6258f757&affiliate_id=1050&offer_id=2535&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (14a90c13f09ce173f6d1e28670a075ce)

1 / 68      (PUP)
http://home-roll.info/.../download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3RmRsbC4KS2UAAFdVKks4FhBTOBh9SG9TCU4LDGI7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoCE0PDBcjQ2E NytfTjRSXFJRexs9QhBUOEwuCWU=  (javaupdate.exe)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=1028251619f4312a556fd11b206615&affiliate_id=1050&offer_id=2549&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (ff35ca29aa9f81f76db2b65f5005a458)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=1027a2ab1955e16f654e59014fe4c3&affiliate_id=1050&offer_id=2543&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (0963907717e89967d99d6d2c1e265d03)

1 / 68      (PUP)
http://home-roll.info/prwrp/download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3RmRiMXldF2tSAVIAL05qQBlQZUt4TWcPWhNaXmI7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoCENSW0B/.../Mn5aS2YEVVEMKB44SkwHZR18CWU=  (javaupdate.exe)

1 / 68      (PUP)
http://home-roll.info/prwrp/download.php?n=WGRSUgkJByg/TRJeEgF8&i=WGRYWxlVTCwuTgoNRwwzADR1MD1QTT1PFltSPwQ9HEQaOUc7RTIFCU9AHCErTx9EHAxyQGdjYH0KHmdRVFcFLk5rQB0FbRh8GzhFDUpcGgY CzcIK08uFz0SEHcPH2APUQwGLxhvREhWa0x/GjoMCR1aDCE/AxwAWhBhJCM5HQ4DHmAGURJbLUw3FxQGbRx5DT0LGF8GASpnfBNbDXQvHSx9MiNSShxWCFEJDUMyFn5dNFJqXiwGVUMbGjR/CTsSWmViRhA4YX0MTjQBAxpXJEd7QW9FLlw7WS5PWm0GACt/.../CWU=  (filewhiz.exe)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=instaburner&durl=http://freeinstall.org/ttrp.php?transaction_id=102a497d8c18c83fc6e18f73be8c5b&affiliate_id=1214&offer_id=3051&name=InstaBurner&exe=http://c572af6f.com/.../InstaBurner.exe  (fc0ce93675792429c4986c36a45a8bc8)

2 / 68      (false positives)
http://home-roll.info/wrp/download.php?name=instagram&durl=http://freeinstall.org/ttrp.php?transaction_id=102f62ed848af11b00b384fa3f4d81&affiliate_id=1184&offer_id=1146&name=Instagram&exe=http://c572af6f.com/.../Instagram.exe  (wrar420.exe)

1 / 68      (PUP)
http://home-roll.info/.../download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3RmA9NnsIGWMHUQwEKUltQUwMbx4uSGkPWR9aW2I7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoDBxVWRVxRWZvbHpcTGEFAA0GfUg9REwEaR15CWU=  (javaupdate.exe)

1 / 68      (PUP)
http://home-roll.info/prwrp/.../FU1QP0t8CWU=  (javaupdate.exe)

1 / 68      (PUP)
http://home-roll.info/.../download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3Rmc9bChdHzcAVAdSchJvRRAFPBAvTW5cWhoMWmI7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoCxwPCkB3EWFqZywHF2MBXARVc0k4Qx8HbEt4CWU=  (javaupdate.exe)

4 / 68      (PUP)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=102181282a6f173bb3d741abf06674&affiliate_id=1050&offer_id=2543&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (0bce4821361c7aa6e4250e9738df0df8)

1 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=102af53c5c0be43c4e089eab9dfb58&affiliate_id=1050&offer_id=2543&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (c4f5e1422b8b54d601eaeb0be8320500)

2 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=102c35b06212e886f9128cf5f4f758&affiliate_id=1050&offer_id=2511&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (f1c98f8f0b0e18baedf8ca6f0e2c5e0c)

1 / 68      (PUP)
http://home-roll.info/.../download.php?n=WGRbWBFNDyA1WB9RBEI0HHRg&i=WGRbUB1VTCwuTgoNRwwhBjM PSRNWzNbCRpbOU1xEkBHc1gkW2EeGkoBHSU5ThNYBnwuEGtqZHgHHWZUVgRWLxo7EhBRbRt8TjwIWx4OX3RsW0wRCUUhHToyNT5bcDtTWAUFcx54HE9TOFoTQjpXWhpaXWI0WxdSVWIjGzQ EiZfXDoRAExRdkIqB1kQbmlpGRhPWm0MW3NoWxwBDg0kGzt ZgxOXCZAF0QReWw3HUgQb24NTzEIDW0DDzcyFB9PDQF8  (adobeflash.exe)

4 / 68      (PUP)
http://home-roll.info/wrp/download.php?name=candycrush&durl=http://open-install.com/ttrp.php?transaction_id=102cc8603be3b63cb198913ccc6191&affiliate_id=1050&offer_id=2513&name=CandyCrush&exe=http://c572af6f.com/.../CandyCrush.exe  (247508e1259f6737366d9296034b53f7)

6 / 68      (PUP)
http://home-roll.info/wrp/download.php?name=farmville2&durl=http://freeinstall.org/ttrp.php?transaction_id=102ef18b11a79241b5a789e2004976&affiliate_id=1184&offer_id=1106&name=FarmVille2&exe=http://c572af6f.com/pstwrp/.../FarmVille2.exe  (71945847c9bde3a58c099e281e9837b7)

1 / 68      (false positive)
http://home-roll.info/.../download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3Rm9oZXsKTGcAUA0FeRNpQxsCaEp8GmZfCx9fXGI7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoA0kGWRckQWFubXsMFmUHVwMBKRpvSxxWaRh CWU=  (shsetup.exe)

2 / 68      (PUP)
http://home-roll.info/prwrp/download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3RmJsYXlfG2tVVABQexM/.../RRoNPBgqCWU=  (javaupdate.exe)

2 / 68      (PUP)
http://home-roll.info/.../download.php?n=WGRbWBFNBCUsWw9HDEIzEXRg&i=WGRbUBpVTCwuTgoNRwwjGHsuJiYQTD1aSkBAOVpwA0FFYlw SjAZCUgbBys0ZRNTVRJ3RmFoMSkIHTZVXVVWL09vEhlWbR10Gz1dWE8OWWI7XBxeBEomADMEPS4DHmACUhJbLUw7AXZcORV1HGxMBkoCC3kQWwxWPVMjFSI ci9GSm9fEUBEbhkfVhtzeBoKSGtdWkoJWCJ0WRVaTREBBCUvIzhOCmBxDFpVbhgYOUhDPH08Tz8eDQUKFiF4AQ==&t=WGRZWBFNX3RoDUlSCxV1EDRjNShaSmNWVVcEfhJuEB4FOUl7CWU=  (javaupdate.exe)

7 / 68      (PUP)
http://home-roll.info/wrp/download.php?name=twitter&durl=http://freeinstall.org/ttrp.php?transaction_id=102ddf11d5258801d79ed760c62b37&affiliate_id=1184&offer_id=1346&name=Twitter&exe=http://c572af6f.com/.../Twitter.exe  (62b9908403d972003de0ce9242b37b1e)

1 / 68      (inconclusive)
http://home-roll.info/wrp/download.php?name=avg&durl=http://open-install.com/ttrp.php?transaction_id=1021baf805606315e1c4f90811d535&affiliate_id=1184&offer_id=2735&name=AVG&exe=http://c572af6f.com/.../AVG.exe  (6666f9838a3c6c993a8c753cfa7ab41c)

The following 218 files have been seen to comunicate with home-roll.info in live environments.

TCP » 50.63.202.54:80
media+playervided2.5-codedownloader.exe (Media+PlayerVidEd2.5 by Enter)

TCP » 50.63.202.54:80
discount_frenzy-codedownloader.exe (Discount_Frenzy by DiscountFrenzy)

TCP » 50.63.202.54:80
3479c191-5ec6-40ac-acb3-48bf04c4eb73-10.exe (Media+PlayerVidEd2.5 by Enter)

TCP » 50.63.202.54:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 50.63.202.54:80
cinplus-2.4cv03.01-codedownloader.exe (CinPlus-2.4cV03.01 by CinPlusV03.01)

TCP » 50.63.202.54:80
da561e24-9a35-4b6e-b6f6-2ab85c64e8f7-11.exe (I - Cinema by DiscountFrenzy)

TCP » 50.63.202.54:80
sense-codedownloader.exe (Sense by Object Browser)

TCP » 50.63.202.54:80
1bfece60-b696-439b-ba0a-b7d28f77d3c4-6.exe (Sense by Sense+)

TCP » 50.63.202.54:80
ge-force-codedownloader.exe (Ge-Force by iWebar)

TCP » 50.63.202.54:80
8dc4883b-66ed-4722-868a-56aa10e22976-5.exe (Sense by Object Browser)

TCP » 50.63.202.54:80
discount_frenzy-codedownloader.exe (Discount_Frenzy by DiscountFrenzy)

TCP » 50.63.202.54:80
i - cinema-codedownloader.exe (I - Cinema by DiscountFrenzy)

TCP » 50.63.202.54:80
ee591b0c-a8e5-4acc-bb03-c8b97e762e46-10.exe (Media+PlayerVidEd2.5 by Enter)

TCP » 50.63.202.54:80
wifi protector bi-nova.exe (Wifi Protector BI by WFprotect)

TCP » 50.63.202.54:80
e5abfa2a-8157-44a5-a580-f7c79bd8595b-7.exe (Ge-Force by iWebar)

TCP » 50.63.202.54:80
e5abfa2a-8157-44a5-a580-f7c79bd8595b-11.exe (Ge-Force by iWebar)

TCP » 50.63.202.54:80
hdq-1.2cv01.01-codedownloader.exe (HDQ-1.2cV01.01)

TCP » 50.63.202.54:80
08811b32-6c35-4bfc-8b0b-a028aff7e8bf-7.exe (Sense by Object Browser)

TCP » 50.63.202.54:80
1998bdff-9ea7-42ff-8e0d-c327d3883d3a-6.exe (Cinem Plus 2.4cV21.07 by Cinema Plus ProV21.07)

TCP » 50.63.202.54:80
3cd2f285-f6b7-45b8-94c6-b0f0888b836c-6.exe (SensePlus by Object Browser)

 
Latest 20 of 218 files

URL:
http://home-roll.info/

Title:
“home-roll.info”

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

0136h.info

absencegotoprod.com

absoluteclient.info

automationencode.info

backbestfiles.com

courtgoing.com

daniarelay.com

dcgate.net

down1211.info

downloaddeep.com

downloadnet.org

downserver1.com

edwardjmiller.com

elementnet.info

exfriendalert.com

frogdownload.com

gainpage1000.info

grindbestfiles.com

hansaexecute.info

inbox2me.com

kinkcard.com

maticnetworks.info

mediaconverterprogram.com

messengerdata.info

queenswaysoftware.info

simple-get.net

spartafile.info

wegotmedia.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.