safedownloadsrus131.com
WHOISGUARD, INC. (Proxy Registrant)
Domain Information
The domain safedownloadsrus131.com is registered by proxy through ENOM, INC. and was originally registered in May of 2015. This domain is currently known to host various forms of malware. The hosting servers are located in Phoenix, Arizona, in the United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP addresses (see below).
Registrant: WHOISGUARD, INC.
Server location: Arizona, United States (US)
Create date: Friday, May 15, 2015
Expires date: Sunday, May 15, 2016
Updated date: Friday, May 15, 2015
ASN: AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Google Safe Browsing: phishing
Scanner detections: Malware distribution (100% detected)
Scan engine | Details | Detections
Reason Heuristics | Threat.Win.Reputation.IMP, PUP.AdGazelle.Verified.Installer (M), PUP.AdGazelle (M) | 100.00%
ESET NOD32 | Win32/AdGazelle.I potentially unwanted application | 8.70%
avast! | Win32:Malware-gen | 8.70%
NANO AntiVirus | Riskware.Win32.Downware.drcrbc | 8.70%
IKARUS anti.virus | AdWare.AdGazelle | 8.70%
Dr.Web | Adware.Downware.11074 | 8.70%
VIPRE Antivirus | Threat.5063330 | 8.70%
Avira AntiVirus | W32/Neshta.a | 8.70%
Malwarebytes | PUP.Optional.Downware | 8.70%
Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.86912 | 8.70%
F-Secure | Gen:Variant.Graftor.189304 | 8.70%
F-Prot | W32/S-6897f6c9 | 8.70%
Norman | Gen:Variant.Graftor.189304 | 8.70%
The domain safedownloadsrus131.com has been seen to resolve to the following 7 IP addresses.
File downloads found at URLs served by safedownloadsrus131.com.
URL: http://safedownloadsrus131.com/
Title: “Download useful programs”
Description: “All drivers useable for download have been scanned by antivirus program. Please take the relevant adaptation according to your computers operating system .”
SSL certificate subject: CN=ssl93532.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, S=California, C=US
SSL certificate issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
Web server: cloudflare-nginx
