home

www.winflashupdate.com

Jennifer Reynolds

Domain Information

The domain www.winflashupdate.com registered by Jennifer Reynolds was initially registered in October of 2014 through NAME.COM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Kirkland, Washington within the United States which resides on the eNom, Incorporated network.
Registrar:
NAME.COM, INC.

Server location:
Washington, United States (US)

Create date:
Monday, October 13, 2014

Expires date:
Thursday, October 13, 2016

Updated date:
Wednesday, November 25, 2015

ASN:
AS21740 ENOMAS1 - eNom, Incorporated,US

Root domain:
winflashupdate.com

Whois:
3 winflashupdate.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Systweak.TUNEUPPR.Installer.Meta (L), PUP.Installer.PluginUpdateSL.F, PUP.Optional.Installer.F, PUP.Bundler.Softpulse, PUP.Softpulse.PluginUpdate.Bundler (M), PUP.Softpulse.Bundler (M), PUP.Softpulse.PluginUp.Bundler (M), PUP.Vittalia.InstallA.Installer (M), PUP.Vittalia.Software.Installer (M), PUP.Softpulse (M)
100.00%

Dr.Web
Trojan.DownLoader11.36367, Program.Unwanted.79, Adware.SoftPules.3, Trojan.DownLoader11.36367
16.33%

Malwarebytes
PUP.Optional.DomaIQ
16.33%

K7 AntiVirus
Unwanted-Program , Trojan
16.33%

Zillya! Antivirus
Adware.Agent.Win32.14911, Adware.Agent.Win32.16529, Adware.Agent.Win32.14751
16.33%

Clam AntiVirus
Win.Trojan.Softpulse-62, Win.Trojan.Softpulse-65, Win.Adware.Agent-30249, Win.Trojan.Agent-799612, Win.Adware.MultiPlug-31138
16.33%

avast!
Win32:SoftPulse-AM [PUP], SoftPulse-AO [PUP]
14.29%

VIPRE Antivirus
Threat.4783235, Threat.4150696
14.29%

MicroWorld eScan
Gen:Variant.Application.Bundler.20, Application.Bundler.SoftPulse.P
14.29%

McAfee
SoftPulse.a
14.29%

Bitdefender
Gen:Variant.Application.Bundler.20, Application.Bundler.GL, Gen:Variant.Application.Bundler.SoftPulse.8
14.29%

Sophos
SoftPulse, PUA 'SoftPulse' (of type Adware)
14.29%

Avira AntiVirus
APPL/Softpulse.Gen4, APPL/Downloader.Gen, PUA/SoftPulse.aone
14.29%

AhnLab V3 Security
PUP/Win32.SoftPulse
14.29%

G Data
Gen:Variant.Application.Bundler.20, Application.Bundler.GL, Gen:Variant.Application.Bundler.SoftPulse
14.29%

The domain www.winflashupdate.com has been seen to resolve to the following 4 IP addresses.

23.246.244.251
fb.f4.f617.ip4.static.sl-reverse.com
January 3, 2016

69.64.147.242
rc2.sjl01.dmtracker.com
October 26, 2015

104.28.24.16
October 20, 2014

104.28.25.16
October 20, 2014

File downloads found at URLs served by www.winflashupdate.com.

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=310&dv1=ad304-gb&kw1=ad304-gb-san&uuid=03b5b778-99a7-4b42-4bf6-1b1c053e5001&dv3=03b5b778-99a7-4b42-4bf6-1b1c053e5001  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=b475ae4e-d124-4bfd-4741-7a479ef859b7&dv3=b475ae4e-d124-4bfd-4741-7a479ef859b7  (setup.exe)

1 / 68      (PUP)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=57de908e-1b43-41e8-63bc-ea23ce771c4f&dv3=57de908e-1b43-41e8-63bc-ea23ce771c4f  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=314&dv1=ad308-de&kw1=ad308-de-san&uuid=bcecb6da-7c31-44df-794c-288e7ee65fc4&dv3=bcecb6da-7c31-44df-794c-288e7ee65fc4  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=78b2a00f-8b8c-4da5-7e8a-272e304d63d9&dv3=78b2a00f-8b8c-4da5-7e8a-272e304d63d9  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=310&dv1=ad304-gb&kw1=ad304-gb-san&uuid=0da402d2-559c-4be8-5395-9155abd94950&dv3=0da402d2-559c-4be8-5395-9155abd94950  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=325&dv1=ad319-it&kw1=ad319-it-san&uuid=d1082bb1-8f73-449f-6690-d68fe298a466&dv3=d1082bb1-8f73-449f-6690-d68fe298a466  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=0c9b5d53-2f08-4463-7b03-3a9d39d5c96f&dv3=0c9b5d53-2f08-4463-7b03-3a9d39d5c96f  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=325&dv1=ad319-it&kw1=ad319-it-san&uuid=e4119bfd-c0d4-4ccf-5502-ca21ac55f386&dv3=e4119bfd-c0d4-4ccf-5502-ca21ac55f386  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=232e4b4f-de57-4264-5269-087e6054a4d7&dv3=232e4b4f-de57-4264-5269-087e6054a4d7  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=47c25e51-2cf4-4a4d-40ea-10d29af17221&dv3=47c25e51-2cf4-4a4d-40ea-10d29af17221  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=22fd9282-1a40-4b5a-4d5a-d527793aaa3c&dv3=22fd9282-1a40-4b5a-4d5a-d527793aaa3c  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=745af421-5cf6-45b6-5149-0f31c8c87be8&dv3=745af421-5cf6-45b6-5149-0f31c8c87be8  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=c47355a6-c430-45e5-7651-508e251c82e1&dv3=c47355a6-c430-45e5-7651-508e251c82e1  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=95b46d66-f5ae-4740-4f0c-6bdd5d1a8405&dv3=95b46d66-f5ae-4740-4f0c-6bdd5d1a8405  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=91fc8051-674e-49dc-4de4-7ed66a997683&dv3=91fc8051-674e-49dc-4de4-7ed66a997683  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=1dadf351-6759-47ba-6540-4fa5f83caafc&dv3=1dadf351-6759-47ba-6540-4fa5f83caafc  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=e1090a2e-f061-4ee7-7f95-2efea8b56e97&dv3=e1090a2e-f061-4ee7-7f95-2efea8b56e97  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=4d338d7c-e407-4b06-54ba-1a9cb6ccd4db&dv3=4d338d7c-e407-4b06-54ba-1a9cb6ccd4db  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=1a61c9e0-5cbf-4a59-5d92-9810cb12598b&dv3=1a61c9e0-5cbf-4a59-5d92-9810cb12598b  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=7a3a41c6-2b1c-411f-7115-6d868403e55c&dv3=7a3a41c6-2b1c-411f-7115-6d868403e55c  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=2910254e-bdc5-4622-535a-21845ad9294d&dv3=2910254e-bdc5-4622-535a-21845ad9294d  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=310&dv1=ad304-gb&kw1=ad304-gb-san&uuid=2f98b304-754a-4101-4c40-ea88d9a73dce&dv3=2f98b304-754a-4101-4c40-ea88d9a73dce  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=311&dv1=ad305-ca&kw1=ad305-ca-san&uuid=e0de0a97-651c-43e5-438d-b949421853d9&dv3=e0de0a97-651c-43e5-438d-b949421853d9  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=310&dv1=ad304-gb&kw1=ad304-gb-san&uuid=6ce5135d-1811-4394-763b-a2f3d67ab7fc&dv3=6ce5135d-1811-4394-763b-a2f3d67ab7fc  (setup.exe)

0 / 68
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=86d0a893-aeb2-421a-60cb-554afe5e39a2&dv3=86d0a893-aeb2-421a-60cb-554afe5e39a2  (version.txt)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=312&dv1=ad306-fr&kw1=ad306-fr-san&uuid=5300d6b3-d0aa-42c7-6285-e7f8d7dd6e36&dv3=5300d6b3-d0aa-42c7-6285-e7f8d7dd6e36  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=325&dv1=ad319-it&kw1=ad319-it-san&uuid=c7712ba4-93e5-42f4-5b27-4a3ff53f86c3&dv3=c7712ba4-93e5-42f4-5b27-4a3ff53f86c3  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=310&dv1=ad304-gb&kw1=ad304-gb-san&uuid=66347d6c-f02c-44d1-5eb6-73b4a11ce169&dv3=66347d6c-f02c-44d1-5eb6-73b4a11ce169  (setup.exe)

1 / 68      (Adware)
http://www.winflashupdate.com/down/flash/.../down.php?sid=325&dv1=ad319-it&kw1=ad319-it-san&uuid=c2c119db-2cd6-4fbd-776a-136510658355&dv3=c2c119db-2cd6-4fbd-776a-136510658355  (setup.exe)

 
Latest 30 of 52 download URLs

The following 35 files have been seen to comunicate with www.winflashupdate.com in live environments.

TCP » 69.64.147.242:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 69.64.147.242:80
PopiTV.exe (PopiTV)

TCP » 69.64.147.242:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 69.64.147.242:80
ContentSinder.exe (ContentSinder by ContentSinder Company)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 69.64.147.242:80
tmp197b.tmp.exe (HLClientUpdater by ECON)

TCP » 69.64.147.242:80
GenieCleanService.exe (Genie Cleaner by Oppoos.com)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
ContentFinder.exe (ContentFinder by DigitalSoftware Group)

TCP » 69.64.147.242:80
pricemeter.exe (PriceMeter)

TCP » 69.64.147.242:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 47 files

URL:
http://www.winflashupdate.com/

Title:
“Apeza Design”

Title (11/3/2014):
“Welcome to nginx!”

Title (10/26/2015):
“Winflashupdate.com”

Web server:
Apache

Facebook:
Shares:  1

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.