clic.hexaweb.net

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain clic.hexaweb.net is registered by proxy through ENOM, INC. and was originally registered in April 2011. This domain is currently known to host various forms of malware. The hosting servers are located in Roubaix, Nord-Pas-De-Calais, France, on the RIPE Network Coordination Centre network.
Registrar: ENOM, INC.

Server location: Nord-Pas-De-Calais, France (FR)

Create date: Saturday, April 02, 2011

Expires date: Thursday, April 02, 2020

Updated date: Thursday, October 17, 2013

ASN: AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections: Malware distribution (96% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Kaspersky | Trojan-Downloader.Win32.Genome, Trojan-Dropper.MSIL.Agent, HEUR:Trojan-Downloader.Win32.Generic, not-a-virus:Downloader.NSIS.Agent | 83.33% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h, TrojanDropper.MSIL.Agent, Signed-Downware.Morstar.AppsInstallerSL | 70.83% |
| McAfee | RDN/Generic Dropper!rk, RDN/Generic Downloader.x!iy, RDN/Generic Downloader.x!il, RDN/Generic Dropper!rm, Artemis!C1E086DDC311, Artemis!B9B3160B8BE0 | 58.33% |
| Antiy Labs AVL | Trojan/Win32.Generic, Trojan[Backdoor]/Win32.ZAccess, Trojan[Downloader:not-a-virus]/Win32.Solimba.a | 54.17% |
| Trend Micro House Call | TROJ_GEN.F47V0923, TROJ_GEN.R0CBH06I913, TROJ_GEN.R0CBH06DU14, TROJ_SPNR.3AJE13, TROJ_GEN.F47V0615, TROJ_GEN.R0CBOH0IQ13, TROJ_GEN.R047H01H713 | 50.00% |
| VIPRE Antivirus | Trojan.Win32.Generic, Trojan-Downloader.NSIS.Agent.nom, DownloadMR, Threat.4150696 | 50.00% |
| McAfee Web Gateway | RDN/Generic Dropper!rk, RDN/Generic Downloader.x!iy, Heuristic.BehavesLike.Win32.Suspicious.H, RDN/Generic Dropper!rm, BehavesLike.Win32.Trojan.gm | 45.83% |
| Baidu Antivirus | Trojan-Dropper.MSIL.Agent, Trojan.Win32.Downloader, Trojan.MSIL.Dropper, Trojan-Downloader.Win32.Generic, Trojan.Win32.Genome | 41.67% |
| Kingsoft AntiVirus | Win32.TrojDownloader.Genome.es.(kcloud), Win32.Troj.Undef.(kcloud), VIRUS_UNKNOWN, Win32.TrojDownloader.Genome.fa.(kcloud) | 41.67% |
| avast! | Win32:Rootkit-gen [Rtk], Win32:Dropper-gen [Drp], Win32:Solimba-C [PUP], Win32:Malware-gen | 37.50% |
| Dr.Web | Trojan.DownLoader9.22070, Adware.Downware.1125, Trojan.DownLoader9.62979, Trojan.DownLoader10.50355, Trojan.DownLoader9.11848, Trojan.DownLoader10.10504 | 33.33% |
| Sophos | Mal/Generic-S, DownloadMR, Solimba Installer | 29.17% |
| Reason Heuristics | (M), PUP.AppsInstallerSL.Q, PUP.Solimba.AppsInstaller.Installer (M), PUP.Solimba.AppsInst.Bundler (M) | 25.00% |
| Panda Antivirus | Trj/CI.A, Trj/Chgt.A, Suspicious file | 25.00% |
| ESET NOD32 | Win32/Downloader.Agent.NAN, MSIL/Solimba, Win32/Downloader.Agent.NAN potentially unsafe | 25.00% |

The domain clic.hexaweb.net has been seen to resolve to the following 3 IP addresses.

ns366973.ip-94-23-21.eu
March 30, 2016

ns338802.ip-178-33-228.eu
February 23, 2016

ip-169-179-143-79.static.contabo.net
January 10, 2014

File downloads found at URLs served by clic.hexaweb.net.

12 / 68    (Malware)
http://clic.hexaweb.net/.../FLV-Media-Player.exe  (1b5d69b9a7f0f95535d1c4efda36159c)

URL: http://clic.hexaweb.net/

Web server: Apache (PHP/5.5.33)