home

catalinahub.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain catalinahub.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Tampa, Florida within the United States which resides on the NOC4Hosts Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Florida, United States (US)

Create date:
Friday, March 15, 2013

Expires date:
Thursday, March 15, 2018

Updated date:
Friday, October 10, 2014

ASN:
AS29802 HVC-AS - HIVELOCITY VENTURES CORP

Whois:
3 catalinahub.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Catalina (M)
100.00%

The domain catalinahub.com has been seen to resolve to the following 3 IP addresses.

95.211.171.200
May 21, 2015

162.252.82.211
162-252-82-211.static.hvvc.us
May 1, 2014

199.193.116.231
199-193-116-231.static.hvvc.us
December 29, 2013

File downloads found at URLs served by catalinahub.com.

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&placement=default_landing  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&subId=MTIzNTl8MzQ1NzB8TlB8M3wxfA|4462dc9a9aac8390060f73eb786ae6b4&channelId=1&placement=12359  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&subId=MTIzNTl8MzQ1NzF8VUF8M3wxfA|4462dc9a9aac8390060f73eb786ae6b4&channelId=1&placement=12359  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&channelId=1&placement=4sh_paid  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&subId=MjE3IzEzNDUjMTA2IzM5NjN8MTA5NjF8Tkx8fHx8&channelId=1&placement=citrio_website  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&subId=MjE3IzEzNDUjMTA2IzM5NjN8MTA5NjF8Tkx8fHx8fA&channelId=1&placement=citrio_website  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../H2A8H5F1?redirect=false  (citriosetup.exe)

1 / 68      (PUP)
http://catalinahub.com/.../install?app=92F8A219-E740-49D5-B785-B962AD819724&subId=MTIzNTl8OTEwNTF8SVF8MXwxfHw|14e934e7013c33478dcd571a583e5778-9118-34884|5d35c530-0b12-11e5-9c67-f8bc12538e48&channelId=1&placement=4sh_outdate  (citriosetup.exe)

The following 2 files have been seen to comunicate with catalinahub.com in live environments.

TCP » 162.252.82.211:443
catalinacrashhandler.exe (CatalinaGroup Update by Catalina Group)

TCP » 199.193.116.231:80
catalinacrashhandler.exe (CatalinaGroup Update by Catalina Group)

TCP » 199.193.116.231:443
catalinacrashhandler.exe (CatalinaGroup Update by Catalina Group)

URL:
http://catalinahub.com/

Title:
“Catalina group”

SSL certificate subject:
E=webmaster@catalinahub.com, CN=www.catalinahub.com, C=UA

SSL certificate issuer:
CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Web server:
Apache/2.2.17 (CentOS)

elearnsecurity.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.