www.2ndrequest.me

WhoisGuard, Inc.  (Proxy Registrant)

Domain Information

The domain www.2ndrequest.me is registered by proxy through eNom Inc R32-ME (48) and was originally registered in September of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Reykjavik, Höfuðborgarsvæðið, Iceland (IS), on the RIPE Network Coordination Centre network.

Registrar:
eNom Inc R32-ME (48)

Server location:
Höfuðborgarsvæðið, Iceland (IS)

Create date:
Tuesday, September 2, 2014

Expires date:
Friday, September 2, 2016

Updated date:
Saturday, January 30, 2016

ASN:
AS50613 THORDC-AS THOR Data Center ehf,IS

Root domain:

Scanner detections:
Detections  (88% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Resoft.MYPOPSHOP, PUP.LiMo.J, PUP.CNBTECHNOLOGIES.I, PUP.BRSOFTWARE.I, PUP.SearchVortex.J, PUP.SquareNet, PUP.Installer.CLARALABSOFTWARE.J, PUP.BRSOFTWARE.J, PUP.MaLin.S, PUP.Yontoo.SearchVortex.Installer (M), PUP.Midia Technologies.MIDIATECHNOLOGIES.Bundler (M), PUP.Midia Technologies.MIDIATEC.Bundler (M) | 69.70% |
| Baidu Antivirus | Adware.Win32.DealPly, PUA.Win32.Reporter, Adware.Win32.Amonetize, Adware.Win32.Linkular, Adware.Win32.SquareNet, PUA.Win32.LiMo | 51.52% |
| G Data | Win32.Adware.Adpeak, Win32.Trojan.Agent.0E9JMY, NSIS.Application.BrowseFox, Trojan.GenericKD.1926600, Win32.Application.Elex | 48.48% |
| Trend Micro House Call | Suspicious_GEN.F47V0611, ADW_LINKURY, Suspicious_GEN.F47V0820, Suspici.12797D5E, Suspicious_GEN.F47V0905, Suspici.B9464E66, Suspicious_GEN.F47V1201 | 27.27% |
| Dr.Web | Adware.Linkury.10, Adware.Mutabaha.70, Threat.Undefined, infected with Trojan.BPlug.181, Adware.Mutabaha.80, Adware.Mutabaha.84 | 27.27% |
| McAfee | Artemis!6F67E1B655F1, Artemis!68E4FBAA32C6, RDN/Generic.dx!df3, RDN/Generic PUP.x!c2x, Artemis!1921C73BEE27, Artemis!A5496B7F8124 | 27.27% |
| ESET NOD32 | MSIL/Toolbar.Linkury (variant), Win32/Amonetize.BH (variant), Win32/Amonetize.BQ (variant), Win32/LiMo (variant) | 24.24% |
| Malwarebytes | PUP.Optional.SearchHijacker.A, PUP.Optional.Babylon, PUP.Optional.BPlug, PUP.Optional.Clara.A, PUP.Optional.LiMo, PUP.Optional.Bundle | 24.24% |
| VIPRE Antivirus | Trojan.Win32.Generic, Threat.4150696 | 21.21% |
| AhnLab V3 Security | PUP/Win32.Pennybee, PUP/Win32.Downloader, PUP/Win32.SearchHijacker, PUP/Win32.BrowseFox, Trojan/Win32.Gen | 21.21% |
| avast! | Win32:Dropper-gen [Drp], Win.Threat.Undefined, Win32:Amonetize-FS [PUP], GenMalicious-EMP [Trj] | 21.21% |
| NANO AntiVirus | Riskware.Win32.Linkury.dcvwxz, Trojan.Win32.Reporter.deiohq, Trojan.Win32.Triosir.dgibtv, Trojan.Win32.BPlug.dfsehz, Riskware.Win32.Mutabaha.djrxwq | 18.18% |
| Agnitum Outpost | PUA.Toolbar.Linkury, PUA.Mutabaha, Riskware.Agent, PUA.Amonetize | 18.18% |
| AVG | Generic5 | 18.18% |
| Qihoo 360 Security | Trojan.Generic, Malware.QVM06.Gen, HEUR/QVM42.0.Malware.Gen, HEUR/QVM10.1.Malware.Gen | 18.18% |

The domain www.2ndrequest.me has been seen to resolve to the following IP address.

February 4, 2016

File downloads found at URLs served by www.2ndrequest.me.

2 / 68      (Adware)

1 / 68      (Adware)
http://www.2ndrequest.me/.../310714_hp.exe  (4711d22e685d78e69282f92393c15faa)

2 / 68      (inconclusive)

3 / 68      (PUP)
http://www.2ndrequest.me/.../310714_bb.exe  (857dde7fd4921f5fc24bd8c395d0426a)

6 / 68      (Adware)
http://www.2ndrequest.me/.../310714_br.exe  (e7bf2d4c8aff85834f7b65c0f4b58249)

4 / 68      (Adware)

12 / 68    (PUP)
http://www.2ndrequest.me/.../310714_vp.exe  (addonsptus-543f65b9ce255.exe)

1 / 68
http://www.2ndrequest.me/.../310714_tw.exe  (addoncnmus-54474eea05fdb.exe)

3 / 68      (PUP)
http://www.2ndrequest.me/.../310714_ss.exe  (aa04ffa63ae8b7e3002cb7ed3ab1772e)

26 / 68    (Adware)
http://www.2ndrequest.me/.../310714_a7.exe  (wwaywqrhscskyy6_a7.exe)

2 / 68      (PUP)
http://www.2ndrequest.me/.../310714_pc.exe  (addoncnmus-5414372c54065.exe)

6 / 68      (Adware)

4 / 68      (Adware)
http://www.2ndrequest.me/.../310714_nj.exe  (3d50436018a35253d0ce788189f9ba45)

3 / 68      (Adware)
http://www.2ndrequest.me/.../310714_l.exe  (35c69c40b53c1a6d8475ce2b0085abac)

21 / 68    (Adware)
http://www.2ndrequest.me/.../240714_t3.exe  (f1c97746e73cb5db531f0de9096fdcbb)

8 / 68      (Adware)
http://www.2ndrequest.me/.../310714_a6.exe  (33726375be3339402d859c22d36221ac)

22 / 68    (Adware)

16 / 68    (PUP)
http://www.2ndrequest.me/.../310714_am.exe  (46474f658bcd0675b6902f4f7c68e8f2)

4 / 68      (PUP)

URL:
http://www.2ndrequest.me/

Title:
“Em manutencao”

Web server:
nginx/1.0.15 (PHP/5.6.13)
