home

www.protectmedia.net

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.protectmedia.net is registered by proxy through ENOM, INC. and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network.
Registrar:
ENOM, INC.

Server location:
Quebec, Canada (CA)

Create date:
Wednesday, May 7, 2014

Expires date:
Thursday, May 7, 2015

Updated date:
Wednesday, May 7, 2014

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
protectmedia.net

Whois:
1 protectmedia.net record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.BR Software.BRSOFTWA (M), PUP.Midia Technologies.MIDIATEC.Bundler (M), PUP.MINDSTOR.Installer (M), PUP.BR Software.GENCOLAB.Installer (M), PUP.BR Software (M), PUP.Midia Technologies (M)
98.00%

MicroWorld eScan
Trojan.GenericKD.2176974
2.00%

VIPRE Antivirus
Amonetize
2.00%

Trend Micro House Call
Suspicious_GEN.F47V0219
2.00%

avast!
NSIS:Adware-RE [PUP]
2.00%

Kaspersky
Trojan-Downloader.Win32.Genome
2.00%

Bitdefender
Trojan.GenericKD.2176974
2.00%

Lavasoft Ad-Aware
Trojan.GenericKD.2176974
2.00%

Emsisoft Anti-Malware
Trojan.GenericKD.2176974
2.00%

F-Secure
Trojan.GenericKD.2176974
2.00%

Sophos
Mal/Generic-S
2.00%

Avira AntiVirus
TR/Dldr.Adload.65579
2.00%

G Data
Trojan.GenericKD.2176974
2.00%

McAfee
RDN/Generic Downloader.x!mr
2.00%

Baidu Antivirus
Adware.Win32.Genome
2.00%

The domain www.protectmedia.net has been seen to resolve to the following 2 IP addresses.

192.99.4.18
onlinemidia.com
August 1, 2014

198.27.67.61
web01.onlinemidia.com
May 31, 2014

File downloads found at URLs served by www.protectmedia.net.

1 / 68      (Adware)
http://www.protectmedia.net/ids/.../getFile?lnk=Rmxhc2hQbGF5ZXJ8aHR0cDovL2dldC5hZG9iZS5jb20vYnIvZmxhc2hwbGF5ZXIv&dec=1  (flashplayer.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../getFile?lnk=Rmxhc2hQbGF5ZXJ8aHR0cDovL2dldC5hZG9iZS5jb20vYnIvZmxhc2hwbGF5ZXIv&dec=1  (flashplayer.exe)

1 / 68      (Adware)
http://www.protectmedia.net/ids/.../getFile?lnk=Rmxhc2hQbGF5ZXJ8aHR0cDovL2dldC5hZG9iZS5jb20vYnIvZmxhc2hwbGF5ZXIv&dec=1  (flashplayer.exe)

1 / 68      (Adware)
http://www.protectmedia.net/ids/.../getFile?lnk=Rmxhc2hQbGF5ZXJ8aHR0cDovL2dldC5hZG9iZS5jb20vYnIvZmxhc2hwbGF5ZXIv&dec=1  (flashplayer.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../ – Fuga de Alcatraz – DVDRip Dublado.exe  (fuga de alcatraz dvdrip dublado.exe)

1 / 68      (Adware)
http://www.protectmedia.net/ids/.../getFile?lnk=Rmxhc2hQbGF5ZXJ8aHR0cDovL2dldC5hZG9iZS5jb20vYnIvZmxhc2hwbGF5ZXIv&dec=1  (flashplayer.exe)

1 / 68      (Adware)
http://www.protectmedia.net/ids/.../getFile?lnk=Rmxhc2hQbGF5ZXJ8aHR0cDovL2dldC5hZG9iZS5jb20vYnIvZmxhc2hwbGF5ZXIv&dec=1  (flashplayer.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Xo John Mayer Lancamento 2014.exe  (xo john mayer lancamento 2014.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/id27/Download Kmspico Ativador Windows 7/.../2013.exe  (download kmspico ativador windows 7.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Baixar Cd Hits Da Copa Brasil 2014.exe  (baixar cd hits da copa brasil 2014.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/id51/.../Download_CD_Brasil_Copa_2014_–_Coletânea_Especial_em_Mp3.exe  (download_cd_brasil_copa_2014__coletnea_especial_em_mp3.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Wolverine Imortal (Wolverine Immortal) (2013) Bluray 1080p Mp4 Dublado.exe  (wolverine imortal (wolverine immortal) bluray 1080p mp4 dublado.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Cd: Renascer Praise 18 Canto De Siao 2013 .exe  (cd- renascer praise 18 canto de siao 2013.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Sabe De Nada Roberto Nunes Lancamento 2014.exe  (sabe de nada roberto nunes lancamento 2014.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../ Norbit.exe  (771433226f211ac8e706121f09e0d68e)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Copa De Elite Nacional AVI BDRip.exe  (6a7c94218d9b4a31d30f24e668cb3494)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../ Julio Sumiu Nacional 2014 .exe  (julio sumiu nacional 2014.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../ Filme Julio Sumiu – Nacional.exe  (filme julio sumiu nacional.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/id120/Dump-azamerica-f38 20/.../2014.exe  (dump-azamerica-f38 20.exe)

1 / 68      (Adware)
https://www.protectmedia.net/ids/.../Jotta A. Nossa Vibe (feat. Lito Atalaia) Mp3.exe  (jotta a. nossa vibe (feat. lito atalaia) mp3.exe)

The following file have been seen to comunicate with www.protectmedia.net in live environments.

TCP » 198.27.67.61:80
webproxy.exe (Panda residents by Panda Security)

URL:
http://www.protectmedia.net/

SSL certificate subject:
CN=protectmedia.net, OU=PositiveSSL, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx/1.0.15

alamaya.me

baixarmidia.com

centijo.net

eimia.net

flashbean.net

gonload.me

klumag.net

loadfor.me

midiasense.com

netcoolery.net

onlinemidia.com

reqget.me

skivu.net

skullpoller.me

wikizu.net

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.