www.greensft.com

Felix Leshno

Domain Information

The domain www.greensft.com, registered by Felix Leshno, was first registered in March 2013 through Moniker Online Services. It has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Chantilly, Virginia, United States, on the SoftLayer Technologies Inc. network.

Registrar: Moniker Online Services
Server location: Virginia, United States (US)
Create date: Monday, March 11, 2013
Expires date: Wednesday, March 11, 2015
Updated date: Thursday, February 20, 2014
ASN: AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:

Scanner detections (95% detected):

Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.R2D2TechSoftware.P, PUP.Installer.GiraffeTechSoftware.P, PUP.Performersoft.GreenTechSoftware.Installer (M), PUP.Performersoft.FortySevenTechSoftware.Bundler (M), PUP.Performersoft.CheapSoftware.Bundler (M), PUP.Performersoft.GiraffeTechSoftware.Bundler (M), PUP.Performersoft.GreenTec.Installer (M), PUP.Performersoft.R2D2Tech.Bundler (M), PUP.Performersoft.FortySev.Bundler (M), PUP.Performersoft.GiraffeT.Bundler (M), PUP.Performersoft (M) | 94.74%
Dr.Web | Trojan.InstallBrain.1, Trojan.DownLoader11.27268, Adware.Downware.8543 | 23.68%
VIPRE Antivirus | Threat.4759033, InstallBrain | 23.68%
AVG | Adware InstallBrain.BH, Adware InstallBrain.AT | 23.68%
K7 AntiVirus | Unwanted-Program | 23.68%
Sophos | InstallBrain, PUA 'InstallBrain' | 23.68%
F-Prot | W32/A-3442f84d, W32/A-7db4adfc, W32/IBrain.B2.gen | 23.68%
Avira AntiVirus | APPL/InstallBrain.Gen4, ADWARE/InstallBrain.Gen, APPL/InstallBrain.Gen7 | 23.68%
ESET NOD32 | Win32/InstallBrain.CL potentially unwanted application, Win32/InstallBrain.CR potentially unwanted application, Win32/InstallBrain.CP potentially unwanted application | 21.05%
MicroWorld eScan | Gen:Trojan.Heur.jv1@Ivh3p4b, Gen:Variant.Application.Bundler.27, Gen:Trojan.Heur.pv1@IX!Y1ld | 21.05%
Bitdefender | Gen:Trojan.Heur.jv1@Ivh3p4b, Gen:Variant.Application.Bundler.27, Gen:Trojan.Heur.pv1@IX!Y1ld | 21.05%
Emsisoft Anti-Malware | Gen:Trojan.Heur.pv1@IXffmNki, Gen:Variant.Application.Bundler.27, Gen:Trojan.Heur.pv1@IX!Y1ld | 21.05%
Zillya! Antivirus | Trojan.Black.Win32.17554, Adware.BrainInst.Win32.132, Trojan.Black.Win32.16744 | 21.05%
G Data | Gen:Trojan.Heur.jv1@Ivh3p4b, Gen:Variant.Application.Bundler.27, Gen:Trojan.Heur.pv1@IX!Y1ld | 21.05%
Vba32 AntiVirus | AdWare.BrainInst, Trojan.Badur | 21.05%

The domain www.greensft.com has been seen to resolve to the following 4 IP addresses.

184.173.139.227-static.reverse.softlayer.com (November 3, 2014)
108.168.162.219-static.reverse.softlayer.com (November 3, 2014)
50.97.57.35-static.reverse.softlayer.com (November 3, 2014)
50.97.56.107-static.reverse.softlayer.com (November 3, 2014)

File downloads found at URLs served by www.greensft.com.

1 / 68 (Adware)
http://www.greensft.com/?p=veoh (veohplayersetup.exe)

URL: http://www.greensft.com/
Web server: nginx/1.2.4