home

wiseconvert.com

Name Management Group

Domain Information

The domain wiseconvert.com registered by Name Management Group was initially registered in January of 2012 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the GigeNET network.
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Saturday, January 28, 2012

Expires date:
Saturday, January 28, 2017

Updated date:
Wednesday, March 30, 2016

Whois:
3 wiseconvert.com records

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Conduit.O, PUP.Installer.ClientConnect.F, PUP.4327.Conduit.O, PUP.4605.Conduit.O, PUP.Conduit.Installer, PUP.Conduit.49019.Bundler, PUP.Conduit.Bundler (M), PUP.Perion.Bundler.Conduit.Installer (M), PUP.Perion.Bundler.Conduit (M), Win32.Generic, PUP.Perion.Bundler (M)
100.00%

Dr.Web
Adware.Conduit.3, Adware.Conduit.87, Adware.BGuard.15, Threat.Undefined, Adware.Conduit.6, Adware.InstallCore.101, Adware.InstallCore.122
20.83%

VIPRE Antivirus
Threat.4786236, Conduit
18.75%

Malwarebytes
PUP.Optional.Conduit.A, PUP.Optional.ClientConnect
14.58%

Trend Micro House Call
TROJ_GEN.F47V0522, TROJ_GEN.F47V0529, Suspicious_GEN.F47V0624, Suspicious_GEN.F47V0722, TROJ_GEN.F47V1103, TROJ_GEN.F47V0910
12.50%

avast!
Win32:Adware-BRM [PUP], Win32:Adware-gen [Adw], Win32:Installer-I [PUP]
12.50%

AVG
Generic, Potentially harmful program Toolbar.Conduit
12.50%

McAfee
Artemis!1BC6B9E64145, Artemis!63AD372E1DDC, Artemis!C5BB48AE8A2E, Artemis!D2E5A7B3F531, Artemis!03AB4BA7799B
10.42%

Baidu Antivirus
Adware.Win32.Conduit, Trojan.Win32.ClientConnect
10.42%

Fortinet FortiGate
Riskware/Toolbar_Conduit, Riskware/ClientConnect
10.42%

ESET NOD32
Win32/Toolbar.Conduit.AE, Win32/ClientConnect (variant), Win32/OpenCandy
10.42%

ESET NOD32
Win32/Toolbar.Conduit.M potentially unwanted application, Win32/Toolbar.Conduit.AJ potentially unwanted application, Win32/InstallCore.BL potentially unwanted application
8.33%

NANO AntiVirus
Riskware.Win32.Conduit.czvfwi, Riskware.Win32.BGuard.csnycu, Trojan.Win32.ClientConnect.deinfe
6.25%

F-Prot
W32/InstallCore.R.gen
6.25%

Panda Antivirus
PUP/Conduit.A
4.17%

The domain wiseconvert.com has been seen to resolve to the following 5 IP addresses.

69.39.236.56
ip-69.39.236.56.hosted.by.gigenet.com
June 2, 2016

172.99.89.194
April 4, 2016

69.170.135.92
March 30, 2016

50.63.202.52
ip-50-63-202-52.ip.secureserver.net
February 8, 2016

184.173.251.169
184.173.251.169-static.reverse.softlayer.com
December 27, 2013

File downloads found at URLs served by wiseconvert.com.

3 / 68      (PUP)
http://wiseconvert.com/.../download_fr.php  (setup.exe)

1 / 68      (Adware)
http://wiseconvert.com/.../download_ab2.php  (wiseconvert_tsv51eozv.exe)

1 / 68      (PUP)
http://wiseconvert.com/.../download_es.php  (wiseconvert_1.2.exe)

11 / 68    (PUP)
http://wiseconvert.com/.../download.php  (wiseconvert_b2.exe)

5 / 68      (PUP)
http://wiseconvert.com/.../downloadme.php  (451249d5d60830604ccf1c3c11a1e1c0684d8dc95c4b57f11d196a6536be3403)

1 / 68      (PUP)
http://wiseconvert.com/.../download_pt.php  (wiseconvert_1.1.exe)

The following 418 files have been seen to comunicate with wiseconvert.com in live environments.

TCP » 69.39.236.56:80
globalupdate.exe (globalUpdate Update by globalUpdate)

TCP » 69.39.236.56:8888
popdeals.exe (Today)

TCP » 69.39.236.56:80
9fe7cfbf-5cc9-4391-a512-8a764fd807c3-1-7.exe (CinemaPlus-3.2cV20.05 by Cinema PlusV20.05)

TCP » 50.63.202.52:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 69.39.236.56:80
9fe7cfbf-5cc9-4391-a512-8a764fd807c3-5.exe (CinemaPlus-3.2cV20.05 by Cinema PlusV20.05)

TCP » 69.39.236.56:80
1573.exe (SavePass 1.1 by OB)

TCP » 69.39.236.56:80
9fe7cfbf-5cc9-4391-a512-8a764fd807c3-3.exe (CinemaPlus-3.2cV20.05 by Cinema PlusV20.05)

TCP » 69.39.236.56:80
6054.exe (SavePass 1.1 by OB)

TCP » 69.39.236.56:80
5dfde4f5-80af-4a98-8da4-e95b948f183d-10.exe (Ge-Force by Webar)

TCP » 69.39.236.56:80
a4bc936c-5e01-43ed-9315-bef9a4ae2675-10.exe (SavePass 1.1 by OB)

TCP » 69.39.236.56:80
pricehorse.exe (by Pay By Ads)

TCP » 69.39.236.56:80
tbhcn.exe (tcbhn by Blabbers Communications)

TCP » 69.39.236.56:80
d488e0ef-38ce-4f88-bb4a-7a53ee6d0463-1-7.exe (CinemaPlus-4.5vV22.05 by Cinema PlusV22.05)

TCP » 69.39.236.56:80
dailybee.exe

TCP » 69.39.236.56:80
024a6571-2a4e-4467-b299-604f4b85d0bf-7.exe (CinemaPlus-4.5vV23.05 by Cinema PlusV23.05)

TCP » 69.39.236.56:80
avast.exe

TCP » 69.39.236.56:80
shopwit.exe (by Pay By Ads)

TCP » 69.39.236.56:80
72adc4fb-6293-4a4b-a6cc-4fa0a475afe3-1-7.exe (CinemaPlus-3.2cV21.05 by Cinema PlusV21.05)

TCP » 69.39.236.56:80
f77056a6-54df-48d7-b91d-842cbb1c6277-1-7.exe (Cinem Plus 2.4cV25.05 by Cinema Plus ProV25.05)

TCP » 50.63.202.52:80
efcb551d-a7ca-448b-ab7b-184691bde092-6.exe (videos MediaPlay-Air by enter)

 
Latest 20 of 432 files

September 4, 2014
tools.wiseconvert.com

April 4, 2016
www.wiseconvert.com

URL:
http://wiseconvert.com/

Title:
“wiseconvert.com”

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.