home

www.thelrein.com

Fundacion Private Whois  (Proxy Registrant)

Domain Information

The domain www.thelrein.com is registered by proxy through INTERNET.BS CORP. and was originally registered in March of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network.
Registrar:
INTERNET.BS CORP.

Server location:
Quebec, Canada (CA)

Create date:
Tuesday, March 18, 2014

Expires date:
Wednesday, March 18, 2015

Updated date:
Tuesday, March 18, 2014

Root domain:
thelrein.com

Whois:
1 thelrein.com record

Google Safe Browsing:
malware

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SOFTWAREAGILITYLIMITED.N, PUP.SOFTWAREAGILITYLIMITED.Q, PUP.SOFTWAREAGILITY (M), PUP.SOFTWARE (M)
100.00%

Dr.Web
Adware.Downware.6864
22.22%

avast!
Win32:Adware-gen [Adw]
22.22%

ESET NOD32
Win32/AdWare.OxyPumper.B application
22.22%

AVG
Adware Generic5.BCOT
22.22%

MicroWorld eScan
Gen:Variant.Adware.Graftor.148401
22.22%

McAfee
PUP-FNC, Program.PUP-FNC
22.22%

NANO AntiVirus
Trojan.Win32.Agent.ddthdl, Trojan.Win32.Agent.ddphle
22.22%

F-Prot
W32/A-9008fe7f, W32/A-6bd25a89
22.22%

Kaspersky
not-a-virus:Downloader.Win32.Agent
22.22%

Bitdefender
Gen:Variant.Adware.Graftor.148401
22.22%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.148401
22.22%

F-Secure
Gen:Variant.Adware.Graftor.148401
22.22%

Avira AntiVirus
ADWARE/Adware.Gen8
22.22%

AhnLab V3 Security
Adware/Win32.Graftor
22.22%

The domain www.thelrein.com has been seen to resolve to the following 4 IP addresses.

5.39.99.51
July 12, 2016

167.114.156.214
ns513839.ip-167-114-156.net
June 21, 2016

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
April 10, 2016

176.121.11.90
August 19, 2014

File downloads found at URLs served by www.thelrein.com.

1 / 68      (Adware)
http://www.thelrein.com/getdm/down.php?keywordname=Game&filesize=20MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=57200003&type=oxy&version=2.0.0.109  (game.exe)

1 / 68      (Adware)
http://www.thelrein.com/getdm/down.php?keywordname=dokhtar_irani&filesize=8MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=470500014&type=oxy&version=2.0.0.139  (dokhtar_irani.exe)

1 / 68      (Adware)
http://www.thelrein.com/getdm/down.php?keywordname={Activate_Win7}&filesize=9MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=1384000010&type=oxy&version=2.0.0.139  ({activate_win7}.exe)

1 / 68      (Adware)
http://www.thelrein.com/getdm/down.php?keywordname={Activate_Win7}&filesize=11MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=1384000010&type=oxy&version=2.0.0.139  ({activate_win7}.exe)

1 / 68      (Adware)
http://www.thelrein.com/getdm/down.php?keywordname=VMPLAYER_DOWNLOAD&filesize=14MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=11100002&type=oxy&version=2.0.0.109  (vmplayer_download.exe)

1 / 68      (Adware)
http://www.thelrein.com/.../ColorMyFacebook_Downloader_1018600014.exe  (colormyfacebook_downloader.exe)

1 / 68      (Adware)
http://www.thelrein.com/getdm/down.php?keywordname=J_S_Bach_s_Air_on_G_String_(5_MB)_mp3&filesize=8MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=1428800001&type=oxy&version=2.0.0.124  (j_s_bach_s_air_on_g_string_(5_mb)_mp3.exe)

29 / 68    (Adware)
http://www.thelrein.com/getdm/down.php?keywordname=Adobe_CS6_Keygen&filesize=7MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=170200010&type=oxy&version=2.0.0.107  (adobe_cs6_keygen.exe)

19 / 68    (Adware)
http://www.thelrein.com/getdm/down.php?keywordname=Pokemon_Y_Rom&filesize=6MB&fileurl=http://www.installdream.com/.../OxyBrowser.exe&affid=510800010&type=oxy&version=2.0.0.125  (pokemon_y_rom.exe)

The following 246 files have been seen to comunicate with www.thelrein.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 167.114.156.214:3333
webproxy.exe

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 167.114.156.214:80
setup_info.exe

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 167.114.156.214:80
tencent.exe (by Tencent)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 167.114.156.214:80
rs.exe

 
Latest 20 of 260 files

URL:
http://www.thelrein.com/

Title:
“thelrein.com”

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.