home

www.bufiyataolmaz.com

Domain Information

Server location:
Nicosia, CY (CY)

ASN:
AS51557 TR-FBS FBS BILISIM COZUMLERI TIC LTD STI.,TR

Root domain:
bufiyataolmaz.com

Scanner detections:
Malware distribution  (67% detected)

Scan engine
Details
Detections

MicroWorld eScan
Trojan.Generic.9531917, Trojan.Generic.8551052
100.00%

nProtect
Trojan.Generic.9531917, Trojan.Generic.8551052
100.00%

McAfee
Artemis!7E48DCBCDB74, Artemis!448E7AD78EBE
100.00%

K7 AntiVirus
Riskware
100.00%

Norman
Suspicious_Gen4.ESCUP, Suspicious_Gen4.BXKXO
100.00%

Trend Micro House Call
TROJ_GEN.R00GC0DK313, TROJ_GEN.RCBB1AI
100.00%

avast!
Win32:Malware-gen, Win32:Dropper-gen [Drp]
100.00%

Bitdefender
Trojan.Generic.9531917, Trojan.Generic.8551052
100.00%

Emsisoft Anti-Malware
Trojan.Generic.9531917, BrowserModifier.Win32.Sebutag.AMN
100.00%

Comodo Security
UnclassifiedMalware, TrojWare.Win32.Agent.~fry
100.00%

F-Secure
Trojan.Generic.9531917, Trojan.Generic.8551052
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
100.00%

Avira AntiVirus
TR/Agent.395776.82, TR/BHO.Sebutag
100.00%

Microsoft Security Essentials
TrojanClicker:MSIL/Reksed.A, BrowserModifier:Win32/Sebutag
100.00%

G Data
Trojan.Generic.9531917, Trojan.Generic.8551052
100.00%

The domain www.bufiyataolmaz.com has been seen to resolve to the following IP address.

93.89.226.17
93-89-226-17.fbs.com.tr
July 8, 2016

File downloads found at URLs served by www.bufiyataolmaz.com.

17 / 68    (Malware)
https://www.bufiyataolmaz.com/.../VideoPlayer.exe  (448e7ad78ebebc053c2ac7ad7794f6e1)

26 / 68    (Malware)
https://www.bufiyataolmaz.com/.../FiLMi-iZLE.exe  (7e48dcbcdb743959d9b3f1d54e0fd52e)

0 / 68
https://www.bufiyataolmaz.com/.../FiLMi-iZLE.exe  (c6ec07cfbc7248916c1f43bb549f45f2)

The following 42 files have been seen to comunicate with www.bufiyataolmaz.com in live environments.

TCP » 93.89.226.17:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 93.89.226.17:80
ContentSinder.exe (ContentSinder by ContentSinder Company)

TCP » 93.89.226.17:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 93.89.226.17:80
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 93.89.226.17:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 93.89.226.17:80
genupdater.exe

TCP » 93.89.226.17:80
adobe online.com

TCP » 93.89.226.17:80
mobogeniehelper.exe

TCP » 93.89.226.17:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 93.89.226.17:80
rocketdock.exe

TCP » 93.89.226.17:80
pbiiuvda.exe

TCP » 93.89.226.17:80
winrar4.exe (AsiM0us3 by Asiturk)

TCP » 93.89.226.17:80
windefender.exe (Defend Center)

TCP » 93.89.226.17:80
updates.exe

TCP » 93.89.226.17:80
USBGuard.EXE (USBGuard Application by Zbshareware Lab)

TCP » 93.89.226.17:80
msiql.exe

TCP » 93.89.226.17:80
adobe online.com

TCP » 93.89.226.17:80
DrvUpdater.exe (DRP Su Updater)

TCP » 93.89.226.17:80
service.exe

TCP » 93.89.226.17:80
service.exe

 
Latest 20 of 42 files

hotvideo.website

sxe-anticheat.org

tuxcswjc.website

videooizleyin.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.