home

www.dlcurrentsafe.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
dlcurrentsafe.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.MICROMAXSTUDIO.Installer (M), PUP.installCore (M)
100.00%

The domain www.dlcurrentsafe.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 20, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 20, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 18, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 18, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 13, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 13, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 13, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 13, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 13, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 13, 2016

File downloads found at URLs served by www.dlcurrentsafe.com.

1 / 68      (PUP)
http://www.dlcurrentsafe.com/c?x=9DCXRkSSp4d9QdFhxYGe1Gwqm agnyQXaWcpqwysmW4=&c=kQ7ATyrc57X3N4W14la/d 3jncn/6s/MoQWlRsbD7xdYyrbTnTR/v0z9MujFyPXLr3/ ShqzdvbEl5KFKpORlLavoEnLFG/CMG9krvWRkAxTeC2RI6sZe3N4eDtc/mFhJa1RUQ QNxUgYatSNHwcJJpxQUZCPiIGHUBQEWFT14wpzGyleCrbEKwZyqR6clrB&fallback_url=http://res.mshist.com/.../ClashOfClans.exe  (a5614637754ddfe79ce26090d043ffdf)

1 / 68      (PUP)
http://www.dlcurrentsafe.com/c?x=vqS3mDEHRpC ripdlI7XiCSXQTO9uRUVnoULDOYa7so=&c=oJmJDKDPI0 2PHYifSX5qHhhCxszn8WAossXcDnmR91xJWCHyr3AUNpYLyx/S0d 8Gj5wGK4w59HaPzW3dP9VTxPuff2lfWhBOOVctsR9V59bGd9JqtVTKFdquWx ASU&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (52852a66f03102177bfdaf2eec789fc3)

1 / 68      (PUP)
http://www.dlcurrentsafe.com/c?x=vBG9ZKlJZ9FRBCkcqzOhJtW6CN/njkdVDZOfdgPChiE=&c=rXZE1Yr8b1Op3tsGEA15RbLsV Er0rFndlZxx203GmK4jfkIDPrYl9cL 64Y4R2QKOlKmJ1fjv NSp6v6oR1NNWUsRInjr3DboL5pruuleXdgpu/CdVg/VAkuttGqbTV&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (47f13e3aef7597254bdded6b2dd04b23)

1 / 68      (PUP)
http://www.dlcurrentsafe.com/c?x=E65IodmqYkecQwVbuwwryMeQNDr0ZPc8otl6LRQyfp4=&c=Ld3Rv qjAqB5xfYpu4g7rIg5g7rvLYWxubtINUGyYcBK1yaBOhgrakQtF peDVDMAHBFoAInItVrQWXNTs5wDCXQyD7ShBo042U/QuuCk1UmlIJhGrRSxMShCy9ou2gz&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe  (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68      (PUP)
http://www.dlcurrentsafe.com/c?x=uV3/p2CFAbryZxrm60 DlhXggyAajEoKJM ROiHgaBM=&c=KGrI673oCcMTnw6yEoYuklm3IS2r3xHCJdKaPFGwinqsODhWqEK7nel4hp9z6/xUJ8XVZ3xQ88pn4u1yyuCOOM8FdNdxoxsqeDIbCJWjCbrJWG7dn3/vx2Q5aeFN60O5&fallback_url=http://res.hufftos.com/.../Apache_OpenOffice_incubating_3.4.1_Win_x86_install_fr.exe  (fd97125faaa6146aa795e9fa37971efb)

The following 6 files have been seen to comunicate with www.dlcurrentsafe.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.