home

cf.baixaki.com.br

Financeiro GrupoNZN

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Jose, California within the United States which resides on the RIPE Network Coordination Centre network.
Server location:
California, United States (US)

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
baixaki.com.br

Whois:
2 baixaki.com.br records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.NOZEBRANETWORKA.w, PUP.InstallCore.g, PUP.InstallCore.?, PUP.Bundler.InstallCore, PUP.InstallCore.Bundler (M), PUP.InstallCore (M), PUP.installCore.NOZEBRANETWORKA (M), PUP.installCore.NOZEBRAN (M), PUP.installCore (M)
82.22%

F-Prot
W32/InstallCore.R2.gen, W32/InstallCore.R3.gen, W32/InstallCore.R4.gen, W32/InstallCore.R.gen
64.44%

SUPERAntiSpyware
Trojan.Agent/Gen-Hupigon, PUP.InstallCore/Variant
60.00%

Dr.Web
Adware.InstallCore.107, Adware.InstallCore.122, Adware.InstallCore.107, Adware.InstallCore.122
60.00%

ESET NOD32
Win32/InstallCore.BL, Win32/InstallCore.BL potentially unwanted
60.00%

IKARUS anti.virus
Backdoor.Hupigon, SoftwareBundler
57.78%

Comodo Security
Application.Win32.InstallCore.AB, ApplicUnwnt
55.56%

VIPRE Antivirus
InstallCore, Trojan.Win32.Generic
53.33%

Avira AntiVirus
Adware/Installco.AB, Adware/InstallBai.A, Adware/InstallCo.AB
53.33%

Trend Micro House Call
TROJ_GEN.RCBOHEM, TROJ_GEN.R0CBH01H613, TROJ_SPNV.03L313, TROJ_SPNR.3CJ313, TROJ_GEN.R0CCH01H313, TROJ_GEN.RCBOHEQ, TROJ_GEN.R0CBH01H513
51.11%

McAfee
Artemis!97062BF3C3EA, Artemis!1917384DE553, RDN/Generic PUP.x!bqs, Artemis!7CFBBAD8B62B, Artemis!16A40890B357, Artemis!A97203467EE7, Artemis!21F37AAC998E, Artemis!464D1EC78192, Artemis!D539F43C3204, Artemis!534D68F107C0, Artemis!A356CCA1887D, Artemis!C1D6FD5CE2E4
46.67%

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
44.44%

Sophos
Generic PUA AO, Generic PUA MM, Generic PUA MF, Generic PUA JD, Generic PUA HO, Generic PUA AE, Generic PUA MC, Generic PUA AK (PUA)
40.00%

Rising Antivirus
PE:Malware.InstallCore!6.4
40.00%

K7 AntiVirus
Unwanted-Program , Trojan
33.33%

The domain cf.baixaki.com.br has been seen to resolve to the following 3 IP addresses.

169.45.117.93
5d.75.2da9.ip4.static.sl-reverse.com
May 18, 2016

107.154.112.89
107.154.112.89.ip.incapdns.net
May 16, 2016

107.154.113.89
107.154.113.89.ip.incapdns.net
May 16, 2016

File downloads found at URLs served by cf.baixaki.com.br.

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../megacubo-1026-baixaki-32-bits.exe  (6921b8bd9ec3a11157bfeaf015d31579)

15 / 68    (Adware)
http://cf.baixaki.com.br/programas/.../windows-movie-maker-2-creativity-fun-pack-baixaki-32-bits.exe  (icreinstall_photoscape-363-baixaki-32-bits.exe)

23 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../free-youtube-to-mp3-converter-311371212-baixaki-32-bits.exe  (3e4a4f25521f18dfb103fcb038978e61)

19 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../free-youtube-download-31411201-baixaki-32-bits.exe  (7bed2fb780e2e4e798e2dffb98384be8)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../android-studio-01-preview-baixaki-32-bits.exe  (4e7f604b00a16bf11a997fffcee93c8a)

25 / 68    (Adware)
http://cf.baixaki.com.br/programas/.../vlc-media-player-206-baixaki-32-bits.exe  (fa0f085935cd3cc7f9af8e2eb32d6f57)

10 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../everest-ultimate-edition-550-baixaki-32-bits.exe  (864efdb3a2e6090ca82f7deba519081d)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../cartoon-yourself-14-baixaki-32-bits.exe  (4b262b20f3e78fbfe49f3ad75974662f)

23 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../emule-050a-final-baixaki-32-bits.exe  (58bb941c210a34e65b968634b242181d)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../free-tube-finder-491-baixaki-32-bits.exe  (cd709ab58b8ae9b93702092d1767c3a2)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../mp3-cutter-111-baixaki-32-bits.exe  (d239621c7493c8d62e49bbfb80fde26b)

18 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../minitool-power-data-recovery-free-edition-660-baixaki-32-bits.exe  (9f3529a355959e342da60d6b38ed4ecb)

14 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../k-lite-codec-pack-full-990-baixaki-32-bits.exe  (d539f43c32049d0f09ea7e0f46ba49ea)

4 / 68      (PUP)
http://cf.baixaki.com.br/programas/.../messenger-plus--for-skype-180-baixaki-32-bits.exe  (22fdf74ed77739971ee7b3aeca8a9f2a)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../need-for-speed-underground-2-demo-baixaki-32-bits.exe  (icreinstall_need-for-speed-underground-2-demo-baixaki-32-bits.exe)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../deadly-race--baixaki-32-bits.exe  (f680ea14abc833aa25de23b9e236b4a5)

4 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../dvd-x-studios-clonedvd-5612-baixaki-32-bits.exe  (297fd9d4c5fa37231aebd5198a6eb161)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../mp3-rocket-623-baixaki-32-bits.exe  (1101ecefc6fe70b83d70cb7be4a615f9)

6 / 68      (PUP)
http://cf.baixaki.com.br/programas/.../dosvox-44-baixaki-32-bits.exe  (e0244172367127f86275cb00333a8eb9)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../free-cd-to-mp3-converter-46-build-20130427-baixaki-32-bits.exe  (icreinstall_free-cd-to-mp3-converter-46-build-20130427-baixaki-32-bits.exe)

16 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../media-player-classic--home-cinema-1677114-baixaki-32-bits.exe  (89a6e96708f381188041a5cc08f350c8)

19 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../msn-messenger-2011-1543555308-baixaki-32-bits.exe  (99ee5cdc7333f21200b187375e007536)

18 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../grand-theft-auto-san-andreas-patch-101-baixaki-32-bits.exe  (91535e752eed6b5b68cd5198144620b9)

17 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../mozilla-firefox-210-baixaki-32-bits.exe  (ae64ff7a9602a67e09ce676baf688ee2)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../audio-recorder-for-free-2009-1196-baixaki-32-bits.exe  (6978e342074893df2030ec4bd5151a21)

22 / 68    (Adware)
http://cf.baixaki.com.br/programas/.../ares-galaxy-224-baixaki-32-bits.exe  (icreinstall_ares-galaxy-224-baixaki-32-bits.exe)

11 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../nero-burning-rom-12501100-baixaki-32-bits.exe  (bd7c5056cff9910a583e5ec36a30424c)

22 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../windows-media-player-11-final-baixaki-32-bits.exe  (464d1ec7819290f4adeb7b79b44ef587)

4 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../mp3-to-wav-converter-26-baixaki-32-bits.exe  (2ded0c63d2872ab574a29e09e1604551)

11 / 68    (PUP)
http://cf.baixaki.com.br/programas/.../superantispyware-free-561016-baixaki-32-bits.exe  (534d68f107c0d0e6cb730eea52066d5b)

 
Latest 30 of 46 download URLs

The following 7 files have been seen to comunicate with cf.baixaki.com.br in live environments.

TCP » 107.154.113.89:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 169.45.117.93:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 107.154.112.89:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 169.45.117.93:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 169.45.117.93:80
browser.exe (Speed Browser by Smart Applications)

TCP » 169.45.117.93:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 169.45.117.93:80
webbrowser.exe (CrossBrowser by The CrossBrowser Authors)

TCP » 169.45.117.93:80
internetenhancer.exe (Internet Enhancer)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.