» 68174.get-wn.net
Overview
Analysis
IPs Addresses (1)
Downloads (3)
Website Detail
Related Domains (5)

68174.get-wn.net

Starline Alliance LTD.

Domain Information

The domain 68174.get-wn.net registered by Starline Alliance LTD. was initially registered in September of 2014 through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the DFW Internet Services, Inc. network.

Registrant:

Starline Alliance LTD.

Registrar:

PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:

Noord-Holland, Netherlands (NL)

Create date:

Monday, September 22, 2014

Expires date:

Tuesday, September 22, 2015

Updated date:

Monday, September 22, 2014

ASN:

AS35415 WEBAZILLA Webazilla B.V.,NL

Root domain:

get-wn.net

Whois:

1 get-wn.net record

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Dr.Web

Trojan.Packed.29217

100.00%

VIPRE Antivirus

Trojan.Win32.Generic, Threat.4150696, Winner Solutions

100.00%

Bitdefender

Gen:Variant.Graftor.162037, Gen:Variant.Kazy.473220

100.00%

F-Secure

Gen:Variant.Graftor.162037, Gen:Variant.Kazy.473220

100.00%

Avira AntiVirus

APPL/Downloader.Gen4, TR/Kazy.2297856

100.00%

G Data

Gen:Variant.Graftor.162037, Gen:Variant.Kazy.473220

100.00%

ESET NOD32

Win32/bmMedia.DN (variant), Win32/bmMedia.EI

100.00%

AVG

Downloader, Win.Threat.Medium, Generic

100.00%

Reason Heuristics

PUP.SOFTON.h, PUP.Installer.SAASMIKRO.N

100.00%

avast!

Win32:Dropper-gen [Drp]

66.67%

Lavasoft Ad-Aware

Gen:Variant.Graftor.162037

66.67%

Emsisoft Anti-Malware

Gen:Variant.Graftor.162037

66.67%

F-Prot

W32/A-f5ab4d7a

66.67%

Qihoo 360 Security

Malware.QVM20.Gen

33.33%

MicroWorld eScan

Gen:Variant.Kazy.473220

33.33%

The domain 68174.get-wn.net has been seen to resolve to the following IP address.

206.54.164.237

November 2, 2014

File downloads found at URLs served by 68174.get-wn.net.

16 / 68 (Adware)

http://68174.get-wn.net/?id=tfe04&nor=1&sub=10446&name=UltraIS (ultrais_85rru.exe)

13 / 68 (Adware)

http://68174.get-wn.net/?id=tfe04&nor=1&sub=10223&name=wolfteamkarakterhackveenvanterhac (wolfteamkarakterhackveenvanterhac_04x6h.exe)

13 / 68 (Adware)

http://68174.get-wn.net/?id=tfe04&nor=1&sub=10223&name=wolfteamkarakterhackveenvanterhac (wolfteamkarakterhackveenvanterhac_17alt.exe)

URL:

http://68174.get-wn.net/

Google Analytics:

UA-37292325

Title:

“DownloadFileSetup downloading...”

Web server:

nginx (PHP/5.3.10-1ubuntu3.9)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.