cf.baixaki.com.br

Financeiro GrupoNZN

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Jose, California within the United States which resides on the RIPE Network Coordination Centre network.
Server location:
California, United States (US)

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.NOZEBRANETWORKA.w, PUP.InstallCore.g, PUP.InstallCore.?, PUP.Bundler.InstallCore, PUP.InstallCore.Bundler (M), PUP.InstallCore (M), PUP.installCore.NOZEBRANETWORKA (M), PUP.installCore.NOZEBRAN (M), PUP.installCore (M)
82.22%

F-Prot
W32/InstallCore.R2.gen, W32/InstallCore.R3.gen, W32/InstallCore.R4.gen, W32/InstallCore.R.gen
64.44%

SUPERAntiSpyware
Trojan.Agent/Gen-Hupigon, PUP.InstallCore/Variant
60.00%

Dr.Web
Adware.InstallCore.107, Adware.InstallCore.122, Adware.InstallCore.107, Adware.InstallCore.122
60.00%

ESET NOD32
Win32/InstallCore.BL, Win32/InstallCore.BL potentially unwanted
60.00%

IKARUS anti.virus
Backdoor.Hupigon, SoftwareBundler
57.78%

Comodo Security
Application.Win32.InstallCore.AB, ApplicUnwnt
55.56%

VIPRE Antivirus
InstallCore, Trojan.Win32.Generic
53.33%

Avira AntiVirus
Adware/Installco.AB, Adware/InstallBai.A, Adware/InstallCo.AB
53.33%

Trend Micro House Call
TROJ_GEN.RCBOHEM, TROJ_GEN.R0CBH01H613, TROJ_SPNV.03L313, TROJ_SPNR.3CJ313, TROJ_GEN.R0CCH01H313, TROJ_GEN.RCBOHEQ, TROJ_GEN.R0CBH01H513
51.11%

McAfee
Artemis!97062BF3C3EA, Artemis!1917384DE553, RDN/Generic PUP.x!bqs, Artemis!7CFBBAD8B62B, Artemis!16A40890B357, Artemis!A97203467EE7, Artemis!21F37AAC998E, Artemis!464D1EC78192, Artemis!D539F43C3204, Artemis!534D68F107C0, Artemis!A356CCA1887D, Artemis!C1D6FD5CE2E4
46.67%

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
44.44%

McAfee Web Gateway
Artemis!97062BF3C3EA, Artemis!1917384DE553, RDN/Generic PUP.x!bqs, Artemis!7CFBBAD8B62B, Artemis!16A40890B357, Artemis!PUP
44.44%

Sophos
Generic PUA AO, Generic PUA MM, Generic PUA MF, Generic PUA JD, Generic PUA HO, Generic PUA AE, Generic PUA MC, Generic PUA AK (PUA)
40.00%

Rising Antivirus
PE:Malware.InstallCore!6.4
40.00%

The domain cf.baixaki.com.br has been seen to resolve to the following 3 IP addresses.

5d.75.2da9.ip4.static.sl-reverse.com
May 18, 2016

107.154.112.89.ip.incapdns.net
May 16, 2016

107.154.113.89.ip.incapdns.net
May 16, 2016

File downloads found at URLs served by cf.baixaki.com.br.

1 / 68      (Adware)

17 / 68    (Adware)

1 / 68      (Adware)

28 / 68    (Adware)

10 / 68    (PUP)

1 / 68      (Adware)

26 / 68    (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

16 / 68    (PUP)

4 / 68      (PUP)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../need-for-speed-underground-2-demo-baixaki-32-bits.exe  (icreinstall_need-for-speed-underground-2-demo-baixaki-32-bits.exe)

1 / 68      (Adware)

4 / 68      (Adware)

1 / 68      (Adware)

6 / 68      (PUP)

1 / 68      (Adware)
http://cf.baixaki.com.br/programas/.../free-cd-to-mp3-converter-46-build-20130427-baixaki-32-bits.exe  (icreinstall_free-cd-to-mp3-converter-46-build-20130427-baixaki-32-bits.exe)

20 / 68    (PUP)

1 / 68      (Adware)

24 / 68    (Adware)
http://cf.baixaki.com.br/programas/.../ares-galaxy-224-baixaki-32-bits.exe  (icreinstall_ares-galaxy-224-baixaki-32-bits.exe)

11 / 68    (PUP)

4 / 68      (Adware)

12 / 68    (PUP)

 
Latest 30 of 46 download URLs

The following 7 files have been seen to comunicate with cf.baixaki.com.br in live environments.