home

safeserver-1.com

Corp New Ventures Services

Domain Information

The domain safeserver-1.com registered by Corp New Ventures Services was initially registered in December of 2015 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in West Chester, Ohio within the United States which resides on the Level 3 Communications, Inc. network.
Registrar:
SLOW PUTT DOMAINS LLC

Server location:
Ohio, United States (US)

Create date:
Sunday, December 27, 2015

Expires date:
Tuesday, December 27, 2016

Updated date:
Sunday, January 3, 2016

ASN:
AS30152 BEYOND-HOSTING - Beyond Hosting, LLC,US

Whois:
6 safeserver-1.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FileVerified.O, PUP.VerifiedSetup.O, PUP.Installer.FileVerified.U, PUP.FileVerified.O, PUP.InstallMetrix.FileVerified (M), PUP.InstallMetrix.FileVerified.Installer (M), PUP.InstallMetrix.VerifiedSetup (M), PUP.InstallMetrix.FileVeri (M), PUP.InstallMetrix.Verified (M), PUP.InstallMetrix.Verified.Installer (M), PUP.InstallMetrix.FileVeri.Installer (M)
100.00%

avast!
Win32:Adware-gen [Adw], Win32:Rootkit-gen [Rtk], Win32:Malware-gen
66.67%

Kaspersky
not-a-virus:AdWare.Win32.InstallMonster, not-a-virus:AdWare.Win32.InstallMetrix
66.67%

NANO AntiVirus
Riskware.Win32.InstallMonster.dgppyq, Riskware.Win32.InstallMonster.dhazif, Trojan.Win32.Domaiq.dmxcza
66.67%

VIPRE Antivirus
Threat.5063683, InstallMetrix, Threat.4150696
66.67%

F-Prot
W32/A-5b646058, W32/A-215008ab, W32/S-a86f5fbc
66.67%

Agnitum Outpost
PUA.InstallMetrix
66.67%

Avira AntiVirus
Adware/AgentCV.2066560.13, Adware/InstallMonster.deih.4, Adware/InstallMonster.deih.27, Adware/InstallMonster.deih.13, Adware/InstallMonster.deih.20
66.67%

AVG
Generic, Generic5.CHSX.dropper, Adware Generic5.CHSX.dropper, Generic6
66.67%

Zillya! Antivirus
Adware.InstallMonster.Win32.32, Adware.InstallMonster.Win32.42, Adware.InstallMetrix.Win32.7
63.89%

Vba32 AntiVirus
AdWare.InstallMonster
61.11%

IKARUS anti.virus
PUA.InstallMetrix
61.11%

K7 AntiVirus
Adware , Riskware
61.11%

Clam AntiVirus
Win.Adware.Installmonster-8, Win.Adware.Installmonster-9, Win.Adware.Installmetrix-4, Win.Adware.Installmonster-15
61.11%

Dr.Web
Trojan.Domaiq.7, Trojan.Amonetize.7, Trojan.Domaiq.16, Trojan.Domaiq.110
61.11%

The domain safeserver-1.com has been seen to resolve to the following 3 IP addresses.

204.11.56.48
January 3, 2016

8.5.1.38
October 20, 2015

8.36.40.211
8-36-40-211.bhsrv.net
October 20, 2014

File downloads found at URLs served by safeserver-1.com.

1 / 68      (Adware)
http://safeserver-1.com/download_final.php?cid=1305&file=FlashPlayerPro_Setup.exe&subid1=50flo&subid2=flashpro&subid3=advcm_flvw3&subid4=flashpro7&subid5=66830-026  (2a40b2b2408836efe7c743c48e9506bc)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=ebay&subid5=ublp3b__  (cf9fe41bcde24ce5a74fff99292c069a)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1305&file=FlashPlayerPro_Setup.exe&subid1=50flo&subid2=flashpro&subid3=advcm_flvw3&subid4=flashpro3&subid5=66830-026  (07b99eea039569958506ad3ee39a51ae)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=netflix&subid5=ublp3b__  (8ed05fd123e4affc41db7a3e871934d4)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1305&file=FlashPlayerPro_Setup.exe&subid1=50flo&subid2=flashpro&subid3=advcm_flashwhite&subid4=flashpro4_fpu&subid5=64485-026  (45c2b87b64a52402d4a7aecf65c7a448)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=newbrowser_ch&subid3=li_jojo_moviestvstreaming1&subid4=ublp1ok&subid5=directv.c  (ae35ead45e81576de7fb030792ad0019)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1305&file=FlashPlayerPro_Setup.exe&subid1=50flo&subid2=flashpro&subid3=advcm_flashwhite&subid4=flashpro4_fpo&subid5=64485-026  (a55e12df7704fb820c3bc6ea3867634b)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1363&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm&subid4=fb&subid5=ublp3_NoAdIds_NoKWs  (eddac2650ac5266e8da1bb5c2d00e0a3)

1 / 68      (Adware)
http://safeserver-1.com/download_final.php?cid=1461&file=InternetExplorer_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=netflix&subid5=ublp3b__  (7e8c89dbc0dc82bb334016fa150cbfa1)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1363&file=Chrome_Updater.exe&subid1=50flo&subid2=newbrowser_ch&subid3=advcm_browwhite&subid4=ublp2uns_obw&subid5=66385-9700_1050_us  (1208b2b9c6f988e79a2c6c50084b07e4)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1247&file=Windows_7_Update.exe&subid1=50flo&subid2=winupdate&subid3=advcm_winupwhite&subid4=winup6&subid5=64485-025  (31c0490abeee77719a7c403701db01ce)

32 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1305&file=FlashPlayerPro_Setup.exe&subid1=50flo&subid2=flashpro&subid3=advcm_flvw3&subid4=flashpro6&subid5=61404-99bf3106-c83d-40ba-8f09-34f68d7dce83  (39d8e49386a229c29ec4f17f76977cd2)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=RRJ14_newbrowser_ch&subid3=adctr_rtm_social&subid4=us_fb&subid5=ubaddch  (e9eb8d4ff04fdef0c1361c820beaf32a)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=newbrowser_ch&subid3=adctr_rtm_social_intl&subid4=ca_fb&subid5=uboldins  (dfd75e464c60628dc3c22fbd286e69c6)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1363&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=ebay&subid5=ublp3__  (3b1411390c32a12085995f30dd86a315)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=RRJ14_newbrowser_ch&subid3=adctr_rtm_highvol&subid4=ebay&subid5=ubaddch  (916edb411364df2ebfea64986fdafe2b)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=netflix&subid5=ubaddchins  (ba33ccb97b00c4e47af2775155305d78)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=ebay&subid5=ubaddchins_nov6test  (368cc778de0b46d043480497dd735547)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1563&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=ebay&subid5=ubcornins_nov6test  (a97097c204f00fdf291d37958ee67724)

28 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1363&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=actr_jcl&subid4=horoscope&subid5=ublp6_Google Chrome_NoAdIds_NoKWs  (d3b04cc5c247e0e9bb0a80a55557fc77)

31 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_social&subid4=us_pin&subid5=ubaddchstay  (d17ab6be1c29e674a844357cb12df2f9)

1 / 68      (Adware)
http://safeserver-1.com/download_gate.php?cid=1219&file=WindowsMediaPlayer_Setup.exe&subid1=50flo&subid2=softwaredownloads&subid3=adctr_anba&subid4=windowsmediaplayer&subid5=lp5_NoAdIds_NoKWs  (bde29db9558e30a984ccfaf27a6af42a)

26 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_social&subid4=us_fb&subid5=ublp3cplstay_ace_facebook log  (6d86201b8d6ba88450ca90832a209b7a)

18 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1463&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_social&subid4=us_twi&subid5=ublp3_sign_twitter logos  (fbdd117f59631426072193cf793cbdb3)

12 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1305&file=FlashPlayerPro_Setup.exe&subid1=50flo&subid2=flashpro&subid3=advcm_flashwhite2&subid4=flashpro3_fpu&subid5=61404-99fdcabe-306f-4ecc-9ff4-eca451a9e0fb  (303748aff843c995afea37588e721831)

15 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1363&file=Chrome_Updater.exe&subid1=50flo&subid2=soup&subid3=adctr_rtm_highvol&subid4=ebay&subid5=ublp3_NoAdIds_NoKWs  (1a972bce4ae5a1cb2503bed543489533)

13 / 68    (Adware)
http://safeserver-1.com/download_gate.php?cid=1232&file=uTorrent_Setup.exe&subid1=50flo&subid2=softwaredownloads&subid3=adctr_anba&subid4=utorrent&subid5=23413_lp3&&=hzy5r=&=u4yjvirso05zukc3c3omcnjcmtdv4b1srtc99v0bq3i6zgvck0fgc2cprq66xjwdtd19fp4om4w47usauvj0260kzschfo6efw1i5ezy1p0a1tpb9r6v3g8ft10zxvc8de2rpeu3ctc106sdrceaywcm95qfjj7kb6seurzeyh8nna6aqe7wgas904ntrymbgt8fma7zq81kq18if0nvj382dksymf96gy72harq1ko3lw3532mh7hx0ijeg8ynytnfzdw1wjwn47unxymqmefa7ntm0gzlx8bd51or9hkqww78u0nhbtjlkfas66b8b6y7r8vn5zdhp4f7i6fwjl2ws9uyne3psvwug085ejti6312nitgav10eee5rcw5wgpg5tsbrq0bycbocmwxzrl3wor6kz3gpvt376knwi8zxp9wgvc911xw0fkszlo635yul5bkcelyw2apvm0diw8avy6pfa607yyncrkdsqp9hzlf8i4qj  (cbc23f14a9d53ad6020a38d2dcfd4958)

The following 2 files have been seen to comunicate with safeserver-1.com in live environments.

TCP » 204.11.56.48:80
chrome.crx

TCP » 204.11.56.48:80
chrome.crx

URL:
http://safeserver-1.com/

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.