x.safe431demo.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain x.safe431demo.com is registered by proxy through ENOM, INC. and was originally registered in April of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Sherman Oaks, California, in the United States, on the Unitas Global LLC network.
Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Wednesday, April 22, 2015

Expires date:
Saturday, April 22, 2017

Updated date:
Wednesday, March 23, 2016

ASN:
AS17025 ABOVENET-CUSTOMER - Abovenet Communications, Inc,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Dr.Web | Adware.Conduit.266, Adware.Searcher.2835, Adware.Compete.1, Trojan.DownLoader14.1603, Adware.Pasta.18, Adware.Downware.11240 | 75.00% |
| Malwarebytes | PUP.Optional.WebBar.A, PUP.Optional.Clara.A, PUP.Optional.SushiLeads.A, PUP.Optional.ValcanLabs.A | 58.33% |
| Reason Heuristics | PUP.ValcanLabs.Optional.Installer.Meta (L), Threat.Installer.WebBarMedia, PUP.Installer.CLARALABSOFTWARE, PUP.WebBarMedia.Installer (M) | 50.00% |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen, HEUR/QVM41.2.Malware.Gen, HEUR/QVM42.1.Malware.Gen, HEUR/QVM03.0.Malware.Gen | 41.67% |
| VIPRE Antivirus | Rocketfuel Installer, GuppyGames, Blinkx/LeadImpact, Threat.4835506 | 33.33% |
| McAfee | Artemis!E0A27FE398F7, Artemis!4DE8801D5177, Artemis!CDF5F7A3C28C, Trojan.Artemis!BA519532AF92 | 33.33% |
| Trend Micro House Call | Suspicious_GEN.F47V0828, Suspicious_GEN.F47V0507, Suspici.F4AF8F21 | 25.00% |
| avast! | Win32:Dropper-gen [Drp], Win32:Evo-gen [Susp], Win32:Adware-gen [Adw] | 25.00% |
| herdProtect (fuzzy) | a variant of 77643fcc58b323787f7bf0d4c08e3c49a5a92faf, a variant of 8451e6c3c7265c03ab7b329c100f8d2db9188e05 | 16.67% |
| Panda Antivirus | PUP/Clara, Generic Suspicious | 16.67% |
| Avira AntiVirus | ADWARE/Pasta.2010417, TR/Cpete.1915232 | 16.67% |
| AVG | Generic6 | 16.67% |
| IKARUS anti.virus | PUA.Compete, AdWare.Agent | 16.67% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 8.33% |
| Total Defense | Heur/Infostealer.ZAAP!suspicious | 8.33% |

The domain x.safe431demo.com has been seen to resolve to the following IP address.

3-125-232-198.static.unitasglobal.net
January 5, 2016

File downloads found at URLs served by x.safe431demo.com.

3 / 68      (PUP)

7 / 68      (PUP)

1 / 68      (Adware)

4 / 68      (Adware)

7 / 68      (PUP)

3 / 68      (PUP)

6 / 68      (PUP)

1 / 68      (Adware)

8 / 68      (PUP)
http://x.safe431demo.com/.../compete_092315003341.exe  (ba519532af9254a05d6670550e213448)

8 / 68      (PUP)
http://x.safe431demo.com/.../Bob.exe  (f3074e2a-b970-49c5-9c03-c410986d50d6.exe)

6 / 68      (PUP)

9 / 68      (PUP)

The following 14 files have been seen to communicate with x.safe431demo.com in live environments.

URL:
http://x.safe431demo.com/

Web server:
NetDNA-cache/2.2