home

wt.applefutures.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain wt.applefutures.com is registered by proxy through NAME.COM, INC. and was originally registered in December of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Atlanta, Georgia within the United States which resides on the Google Inc. network.
Registrar:
NAME.COM, INC.

Server location:
Georgia, United States (US)

Create date:
Sunday, December 7, 2014

Expires date:
Monday, December 7, 2015

Updated date:
Sunday, December 7, 2014

ASN:
AS15169 GOOGLE - Google Inc.,US

Root domain:
applefutures.com

Whois:
1 applefutures.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.PluginUpdateSL.F, PUP.YumonSystem.Installer (M), PUP.Softpulse.YumonSystem.Bundler (M), PUP.Softpulse.PluginUpdate.Bundler (M), PUP.Softpulse.PluginUp.Bundler (M), PUP.Softpulse.YumonSys.Bundler (M)
100.00%

AVG
Found Win32/DH{gRIxfX5QgQd5VE8VUYEVgQkcU4ETQYEP}
33.33%

Dr.Web
Adware.SoftPules.3, Adware.SoftPules.3, Trojan.Domaiq.24
33.33%

ESET NOD32
Win32/SoftPulse.R potentially unwanted application, Win32/SoftPulse.S potentially unwanted application
33.33%

Avira AntiVirus
TR/Dropper.Gen, PUA/SoftPulse.oans
33.33%

VIPRE Antivirus
Threat.4783235, Threat.4150696
33.33%

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse, Trojan.Win32.Inject
33.33%

F-Prot
W32/A-3f31f6a7, W32/S-f85cfebf
33.33%

Comodo Security
Application.Win32.SoftPulse.D
33.33%

Sophos
PUA 'SoftPulse' (of type Adware)
33.33%

G Data
Win32.Application.SoftPulse, Gen:Variant.Application.Bundler.SoftPulse
33.33%

AhnLab V3 Security
Win-PUP/SoftPulse, PUP/Win32.SoftPulse
33.33%

McAfee
Program.SoftPulse
33.33%

Vba32 AntiVirus
Signed-Adware.Softpulse, Trojan.Buzus
33.33%

avast!
Win32:SoftPulse-BE [PUP]
33.33%

The domain wt.applefutures.com has been seen to resolve to the following 10 IP addresses.

74.125.228.241
iad23s24-in-f17.1e100.net
June 30, 2015

74.125.228.240
iad23s24-in-f16.1e100.net
June 30, 2015

74.125.228.244
iad23s24-in-f20.1e100.net
June 30, 2015

74.125.228.243
iad23s24-in-f19.1e100.net
June 30, 2015

74.125.228.242
iad23s24-in-f18.1e100.net
June 30, 2015

173.194.46.84
ord08s11-in-f20.1e100.net
January 2, 2015

173.194.46.83
ord08s11-in-f19.1e100.net
January 2, 2015

173.194.46.82
ord08s11-in-f18.1e100.net
January 2, 2015

173.194.46.81
ord08s11-in-f17.1e100.net
January 2, 2015

173.194.46.80
ord08s11-in-f16.1e100.net
January 2, 2015

File downloads found at URLs served by wt.applefutures.com.

1 / 68      (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=471&dv1=ad464-it&kw1=ad464-it-lm&uuid=3c08ca63-37d6-4796-7062-1f9abe863243&dv3=3c08ca63-37d6-4796-7062-1f9abe863243  (setup.exe)

1 / 68      (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=1122&dv1=ad1120-ca&kw1=ad1120-ca-qyc&uuid=09911bf9-582b-494e-7b9e-f3be7a1a03d9&dv3=09911bf9-582b-494e-7b9e-f3be7a1a03d9  (setup.exe)

1 / 68      (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=1076&dv1=ad1074-de&kw1=ad1074-de&uuid=e1ad1a14-bc08-42fd-683d-a3f032cf7188&dv3=e1ad1a14-bc08-42fd-683d-a3f032cf7188  (setup.exe)

1 / 68      (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=1122&dv1=ad1120-ca&kw1=ad1120-ca-qyc&uuid=02115965-b940-43a6-7637-3bb41f75d8c7&dv3=02115965-b940-43a6-7637-3bb41f75d8c7  (setup.exe)

32 / 68    (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=300&dv1=ad294-gb&kw1=ad294-gb-qyc&uuid=9ef316e6-3f42-41fb-46ad-95e508cb14ab&dv3=9ef316e6-3f42-41fb-46ad-95e508cb14ab  (setup.exe)

35 / 68    (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=1121&dv1=ad1119-ca&kw1=ad1119-ca&uuid=6ba9057b-3787-426f-5c28-3d2425cca82e&dv3=6ba9057b-3787-426f-5c28-3d2425cca82e  (setup.exe)

1 / 68      (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=732&dv1=ad725-gb&kw1=ad725-gb-qyc&uuid=ea4d0ae0-761a-424b-7745-7ba1e5f95b43&dv3=ea4d0ae0-761a-424b-7745-7ba1e5f95b43  (setup.exe)

1 / 68      (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=732&dv1=ad725-gb&kw1=ad725-gb-qyc&uuid=ea4d0ae0-761a-424b-7745-7ba1e5f95b43&dv3=ea4d0ae0-761a-424b-7745-7ba1e5f95b43  (setup.exe)

30 / 68    (Adware)
http://wt.applefutures.com/down/flash/.../down.php?sid=300&dv1=ad294-gb&kw1=ad294-gb-qyc&uuid=8c3ac360-4432-4223-6bf3-ddbaf42384a6&dv3=8c3ac360-4432-4223-6bf3-ddbaf42384a6  (setup.exe)

The following 20 files have been seen to comunicate with wt.applefutures.com in live environments.

TCP » 173.194.46.80:80
adawarebp.exe (Anti-phishing Domain Advisor by Lavasoft)

TCP » 173.194.46.80:80
Glo.exe (Glo by Immersion Digital)

TCP » 173.194.46.80:443
client.exe

TCP » 173.194.46.80:80
panda_url_filtering.exe (Anti-phishing Domain Advisor (Powered by Panda Security) by Visicom Media)

TCP » 173.194.46.81:80
hitleap-viewer-browser.exe

TCP » 173.194.46.81:443
AVKProxy.exe (G Data Security Software by G Data Software AG)

TCP » 173.194.46.81:80
Toaster.exe (Dell Backup And Recovery by SoftThinks - Dell)

TCP » 173.194.46.81:443
ContentExplorer.exe (ContentExplorer)

TCP » 173.194.46.81:80
AdjustService.exe (AdjustService)

TCP » 173.194.46.82:443
myosprotect.exe (MyOSProtect.exe by MyOSCompany)

TCP » 173.194.46.82:443
ContentExplorer.exe (ContentExplorer)

TCP » 173.194.46.82:443
pokki.exe (Pokki)

TCP » 173.194.46.83:80
AdjustService.exe (AdjustService)

TCP » 173.194.46.83:443
Client.exe

TCP » 173.194.46.83:443
new_chrome.exe (Google Chrome by Google)

TCP » 173.194.46.83:80
client.exe

TCP » 74.125.228.240:443
GVNotifier.net.exe (GVNotifier by Dave Amenta Software)

TCP » 74.125.228.241:443
Client.exe

TCP » 74.125.228.241:443
Explore.exe (Chromium by The Chromium Authors)

TCP » 74.125.228.243:443
geplugin.exe (Google Earth by Google)

 
Latest 20 of 22 files

URL:
http://wt.applefutures.com/

Title:
“Google”

Description:
“Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.”

Web server:
gws

google-analytics.com

googleapis.com

blogger.com

google.com

googlecode.com

googlegroups.com

googlevideo.com

softwinupdate.com

wkwindowsflash.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.