home

www.registry-clean-up.net

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.registry-clean-up.net is registered by proxy through ENOM, INC. and was originally registered in September of 2008. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in West Chester, Ohio within the United States which resides on the Level 3 Communications, Inc. network.
Registrar:
ENOM, INC.

Server location:
Ohio, United States (US)

Create date:
Monday, September 15, 2008

Expires date:
Saturday, September 15, 2018

Updated date:
Tuesday, December 15, 2015

ASN:
AS30152 BEYOND-HOSTING - Beyond Hosting, LLC,US

Root domain:
registry-clean-up.net

Whois:
2 registry-clean-up.net records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ParetoLogic.Optional.Installer.Meta (L), PUP.Optional.ReimageLimited.N, PUP.Optional.Installer, PUP.Reimage (L), Win32.Generic.Reimage.Installer.Meta
100.00%

Trend Micro House Call
Suspicious_GEN.F47V1116, Suspicious_GEN.F47V0429, Suspicious_GEN.F47V0520
80.00%

Dr.Web
Adware.Plugin.171, Trojan.Crossrider1.1621, riskware program Program.Unwanted.493
80.00%

McAfee
Artemis!8DDC6C3D11DC, Artemis!9B8D97161AE5, Artemis!72CB31555DA5, Artemis!D7830F8B35ED
80.00%

Fortinet FortiGate
Riskware/ReImageRepair
80.00%

Baidu Antivirus
PUA.Win32.VMDetect, PUA.Win32.ReImageRepair
80.00%

ESET NOD32
Win32/ReImageRepair (variant), Win32/ReImageRepair.F potentially unwanted
60.00%

Agnitum Outpost
Riskware.Agent
40.00%

Zillya! Antivirus
Downloader.Agent.Win32.227126, Downloader.Agent.Win32.241821
40.00%

Bkav FE
W32.HfsAdware
40.00%

Malwarebytes
PUP.Optional.ReImageRepair.A
40.00%

AhnLab V3 Security
Trojan/Win32.FakeAV
20.00%

avast!
Win32:Rootkit-gen [Rtk]
20.00%

G Data
Win32.Application.VMDetect
20.00%

herdProtect (fuzzy)
a variant of 3d37449f32d1a44822a2eb9df54648f27564eb7d
20.00%

The domain www.registry-clean-up.net has been seen to resolve to the following 3 IP addresses.

192.124.249.12
cloudproxy10012.sucuri.net
March 3, 2016

167.114.0.153
cloudproxy429-eth0.sucuri.net
May 5, 2015

8.29.130.167
vps1.prospertracking202.info
May 30, 2014

File downloads found at URLs served by www.registry-clean-up.net.

10 / 68    (PUP)
http://www.registry-clean-up.net/.../RegCureProInstall.php  (reimagerepair.exe)

10 / 68    (PUP)
http://www.registry-clean-up.net/.../RegCureProInstall.php  (reimagerepair.exe)

12 / 68    (PUP)
http://www.registry-clean-up.net/.../RegCureProInstall.php  (ReimageRepair.exe)

11 / 68    (PUP)
http://www.registry-clean-up.net/.../RegCureProInstall.php  (reimagerepair.exe)

1 / 68      (PUP)
http://www.registry-clean-up.net/.../RegCurePro.exe  (regcureprosetup_rw.exe)

1 / 68      (PUP)
http://www.registry-clean-up.net/.../RegCureProInstall.php  (regcureprosetup_rw.exe)

URL:
http://www.registry-clean-up.net/

Web server:
Sucuri/Cloudproxy

Facebook:
Shares:  37
Comments:  3

Statistics are for the previous month.

alphacard.com

cicnews.com

cuevana2.tv

cummins.com

desicomments.com

eradicationx.com

graphictwister.com

haxreborn.com

inspirationde.com

lenscratch.com

mcleodhealth.org

oncenter.com

pecuniasystems.com

profileengine.com

sutron.com

tfdidesign.com

thepushforchange.com

spyware-fix.net

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.