www.cleandeliveryhead.com
Domain Information
Server location: Oregon, United States (US)
ASN: AS16509 AMAZON-02 - Amazon.com, Inc., US
Root domain: cleandeliveryhead.com
Analysis
Scanner detections:
Detections (89% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.InstallCore.Installer.Installer (M), PUP.installCore (M) | 88.89%
Microsoft Security Essentials | Worm:Win32/NeksMiner.A | 11.11%
F-Secure | Application:W32/Generic.70053c248f!Online | 11.11%
IP Addresses
The domain www.cleandeliveryhead.com has been seen to resolve to the following 11 IP addresses.
Downloads
File downloads found at URLs served by www.cleandeliveryhead.com.
Network Communications
The following 6 files have been seen to communicate with www.cleandeliveryhead.com in live environments.
TCP » 52.24.26.116:443 | online-guardian-v2.0.9.exe
TCP » 52.24.26.116:443 | online-guardian-v2.0.9.exe
TCP » 52.24.26.116:443 | rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443 | 036629fbd4864725737a8ba8fe7e8cd6.exe
TCP » 52.24.26.116:443 | rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443 | Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))