This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Scottsdale, Arizona, in the United States, on the GoDaddy.com, LLC network.
Registrar: GoDaddy.com, LLC
Server location: Arizona, United States (US)
ASN: AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
Scanner detections:
Detections (98% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.InstallCore.Internet.Installer.Meta (M), PUP.installCore (M), PUP.installCore.Program.Installer.Meta (M), PUP.InstallCore.RES (M), PUP.InstallCore.AFF.Installer.Meta (M), PUP.InstallCore (M), PUP.InstallCore.AFF (M) | 85.71%
VIPRE Antivirus | Threat.4788237 | 16.33%
ESET NOD32 | Win32/InstallCore.WQ potentially unwanted application, Win32/InstallCore.ACZ potentially unwanted application, Win32/InstallCore.ADX.gen potentially unwanted application | 16.33%
Dr.Web | Trojan.InstallCore.60, Trojan.InstallCore.704 | 12.24%
Malwarebytes | PUP.Optional.Bundle, PUP.Optional.InstallCore | 8.16%
NANO AntiVirus | Riskware.Win32.InstallCore.dotkes, Riskware.Win32.InstallCore.dpfxzi, Riskware.Win32.InstallCore.dpfxza, Riskware.Win32.InstallCore.dqheru | 8.16%
Comodo Security | Application.Win32.InstallCore.DSG, Application.Win32.InstallCore.DUQ, Application.Win32.InstallCore.AOP | 8.16%
Zillya! Antivirus | Tool.ArchSMS.Win32.26513, Adware.Agent.Win32.80535, Adware.PullUpdate.Win32.73082, Downloader.Agent.Win32.282039 | 8.16%
Avira AntiVirus | PUA/InstallCo.RE, PUA/InstallCore.A.2387, W32/Ramnit.C | 8.16%
Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 8.16%
G Data | Win32.Application.InstallCore.CZ, Win32.Application.InstallCore.EG | 8.16%
Kaspersky | not-a-virus:Downloader.Win32.InstallMonster | 6.12%
Agnitum Outpost | PUA.InstallCore, PUA.Downloader | 6.12%
AhnLab V3 Security | PUP/Win32.InstallCore | 6.12%
Qihoo 360 Security | HEUR/QVM06.1.Malware.Gen | 6.12%
The domain www.zheateomb.info has been seen to resolve to the following 28 IP addresses.
File downloads found at URLs served by www.zheateomb.info.
The following 15 files have been seen to communicate with www.zheateomb.info in live environments.
URL: http://www.zheateomb.info/
Web server: Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)