home

www.presentbestsafe.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
presentbestsafe.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M), PUP.InstallCore.FC.Installer (M)
100.00%

The domain www.presentbestsafe.com has been seen to resolve to the following 13 IP addresses.

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 6, 2016

52.33.165.25
ec2-52-33-165-25.us-west-2.compute.amazonaws.com
June 6, 2016

52.32.12.104
ec2-52-32-12-104.us-west-2.compute.amazonaws.com
June 6, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
June 6, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 15, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 15, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 15, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
February 12, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
February 12, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
February 12, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
February 12, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
February 12, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
February 12, 2016

File downloads found at URLs served by www.presentbestsafe.com.

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=9HwakztgvzWu2du/dURaYLG0LmJLEdiYYpMjPqEqQ10=&c=waifmeFKVENEDMKwGOSq0F2vVDyDXRl/0WVfRslp0/WLmKSQvjAQWiXpXlgvHUX2NA8l/H4kkMsIhjr3gdkgSMhj/ZrWBBAnibmFZ5Daej41gr1Y8FmVqDCTj5mFKQnwtA/YeCJA8HntMCQ1Edp7Xg==&downloadAs=super_mario_rpg.exe&fallback_url=http://gamefabrique.com/dl/.../super_mario_rpg.exe  (icreinstall_super_mario_rpg.exe)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=dhTJL6Ly69ZQpYgQU0lXYfprlO6GIAUUydQ05D6Acxc=&c=wI4gsbOqBhtztdpp0sV uagGh sjQ70MSN6aH3AbYx80lA19O4awKO1dZJ1qveM8x2N9O558IHSDih5nWglztaH7FTEpUeaS4PRafBNVJiVhzxgbapP/3o7TVpF9byoy&downloadAs=supercross_2000.exe&fallback_url=http://gamefabrique.com/dl/.../supercross_2000.exe  (icreinstall_supercross_2000.exe)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=jPABRFwk6ttgqF0hdk0BmA8GwyJ8954Eevqw9w33J/M=&c=j6U8gfZxaIBVF5BJV9N5ryOi1nfTSJCgFHvvwQh8wtQ4fdtQZudOdrOjexOZSGxp14VutzpVU3Ynjs6GMeAVyzpledW 9vGnm kpKW17VnCjy9aNu4i5u4ud9WIHGSCJ&downloadAs=nhl_99.exe&fallback_url=http://gamefabrique.com/dl/.../nhl_99.exe  (ef179d827313101c969d57e5b93c5ef4)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=4Bldz9d8iRNbxJUX4K1sO1IGA VlaaC4OV7bagfLFH0=&c=Gp0xApdCqpMLGvn0NWENW/GyJu4qYzFBnkbt 5wsSUS20oXVtOt5MRkk6BVcd4fLaB/Q0GDxzd FWYeU29nwTdPPLyQsk1RhSDdjol29MH3hRqFmmaFlsY8Z1yxvG ga&downloadAs=wcw_nitro.exe&fallback_url=http://gamefabrique.com/dl/.../wcw_nitro.exe  (7dcbce46dc92945323216a29b8bca447)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=lf6hgog0F15PseLEwHy5/FlsGahkOhAwuFrz1D7TvJk=&c=9Z8WmBoS7celDak8xRHD2Za3PoZckFbZbqWb7BltrXwEi23yK3iNTH245zudnkVlgWc2jLe2JmRN8trwShxOCA7UdMG4Yk3GlyrPXwYrnBbUPWpDcyeJ66c2OQs26TCt&downloadAs=nhl_99.exe&fallback_url=http://gamefabrique.com/dl/.../nhl_99.exe  (ef179d827313101c969d57e5b93c5ef4)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=kcBmDOqTT3wxWsBWkzugpHEaMAgDN57Krk9oi/C/d/I=&c=RiIzyQtZLmdrlIArc1CjnwC8EixSnoEr7MuakHadMkDn/dd2ETwDUmpAuIjcDyJiTwV9IrrOj7kF2obNTwBIJbuW6D9QE4BRRRi5ehpBAMRyEptSUTOcd8raXgl2/P2d&downloadAs=sonic_the_hedgehog.exe&fallback_url=http://gamefabrique.com/dl/.../sonic_the_hedgehog.exe  (39f1c939ab809446486711aa363128d4)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=J/JkrWp6vuRWYLcn4yW8BCWUUO3aOGoWayQbpw6aEdk=&c=dtN7FbkrE8Y2fsGkjixn91IoMbI6ZuXXMI1OKleJ9LDl1Ri1WwVzoqW2jUFdR6D/sVYRd6t4HNwlZYmm0TjT3y4gh8TJb0oO3RhGG1qSDtbjhnd7zRaIzie0uK4E6LrMXcwGb4E 9kYLLT2WO90PQ==&downloadAs=desert_strike_return_to_the_gulf.exe&fallback_url=http://www.games4win.com/download/.../desert_strike_return_to_the_gulf.exe  (18aed1d11be7814d9ba87bed3e839c2f)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=BjDEFqaOizRTh2YHWx0rvzjAyjr2EC1DI9Xii1VRXeM=&c=Bzt4ppyYGrzOUZC7o i8Ppie0TcxvZ78qFH0ZVSMLK9i7fM7baQCyfQmGXRH6mozO//egbt6p6PZ41CZZp7ugJ IR5cFnj/GQOTxU lEKeebmn0yFiWxmaFavkAcFr0ZTuvLk2DYX8Y6C7sGB2yObA==&downloadAs=super_mario_bros.exe&fallback_url=http://gamefabrique.com/dl/.../super_mario_bros.exe  (icreinstall_super_mario_bros.exe)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=Ju3D2cT834XWN8vNnht /Ja/EMU2KUjldnomsZbpzNw=&c=iHw0allAE8hLcOu2mGhcvVrdFAFnCH2TMSlaDyNQHkneeofpMa75eAD2ODpl0qZmt8PbsULyK/WdIY6vYMuw/aMRj5bk jiCQsIawvayK4rMHuUFHwQLmIcwhXCyLOry&downloadAs=RnR_JEOPARDY!_Setup.exe&fallback_url=http://d.trymedia.com/dm/sonypictures/1h_pkg531/.../RnR_JEOPARDY!_Setup.exe  (2b24348a1a3a8f657f210fb6acbd20c6)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=cwWJCTJwhSke3RDpFjCOX4RgfWCFYkYGRa0K1rMsMtI=&c=lZGJJLSnBuZ7hPZm0XOodvfPG6pFKQuyvdOaP7EAZCu3IOxeLuYt9/gn8fXxzaZyB/zMgqWL3r49R7jPwnZdFCqanM5ML3buDu5kw0rhQO5T2dipd/q/ptZVZFnfgZ a&downloadAs=Dark MatterSetup.exe&fallback_url=http://d.trymedia.com/dm/meridian/1h_pkg542/.../Dark MatterSetup.exe  (e161a70ef17b6ee8ad3b9d9f957457d9)

1 / 68      (Adware)
http://www.presentbestsafe.com/c?x=Mjx9Tb 6hhzWkERo/ sL/60YaSCGW7sOslurtz2 208=&c=9mshp/2ZbIV4GCRylL/i8/5E9SuS4NoUTjzly 597e4aBdFr0gRNcPV4RGnOFiliiKmnU/jSq iJ/f rhdPTb8X/kJPWskFG2uD7wg4jhFxIu2g Y5zbNTifA2Ti36zI&downloadAs=HoChiMinhTrailSetup.exe&fallback_url=http://d.trymedia.com/dm/epie/30m3l_d_tg52/.../HoChiMinhTrailSetup.exe  (288100bafb3380412a6fa7b3c2ffb4c9)

The following 18 files have been seen to comunicate with www.presentbestsafe.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.38.209.219:80
3.9.0.128_20140916045038.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
e5be.tmp

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 52.38.209.219:80
client.exe

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
kmplayer 3.8.0.117 -[www.patoghu.com].exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
KMPlayer_3.9.0.126.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
3.9.0.125_20140702035547.exe (The KMPlayer by PandoraTV)

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.38.209.219:80
online-guardian-v2.0.9.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.