home

d.exfriendalert.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain d.exfriendalert.com is registered by proxy through GODADDY.COM, LLC and was originally registered in November of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Saturday, November 17, 2012

Expires date:
Thursday, November 17, 2016

Updated date:
Wednesday, November 18, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:
exfriendalert.com

Whois:
2 exfriendalert.com records

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.CloudCanvas.F, PUP.Installer.GenTechnologiesApps.F, PUP.CloudCanvas.Installer (M), PUP.Bundlore.Bundler (M)
100.00%

Comodo Security
Heur.Suspicious
56.25%

Dr.Web
Adware.Plugin.36, Threat.Undefined, Adware.Yontoo.55
50.00%

Trend Micro House Call
TROJ_GEN.F47V0725, TROJ_GEN.F47V0205, TROJ_GEN.F47V0726, TROJ_GEN.F47V0925, TROJ_GE.3630F48E, TROJ_GEN.F47V0329
37.50%

ESET NOD32
Win32/InstallMonetizer.AN, Win32/ExFriendAlert
37.50%

VIPRE Antivirus
Conduit, Threat.4784449, Threat.4150696
25.00%

avast!
Win32:BHO-AMO [PUP]
18.75%

McAfee
Artemis!3BDE17284F11, Artemis!93B26FE36BB8
12.50%

Malwarebytes
PUP.Optional.ExFriendAlert.A
12.50%

ESET NOD32
Win32/ExFriendAlert.B potentially unwanted application, Win32/ExFriendAlert.A potentially unwanted application
12.50%

K7 AntiVirus
Unwanted-Program , Trojan
12.50%

IKARUS anti.virus
AdWare.Win32.ExFriendAlert, PUA.ExFriendAlert
12.50%

Bkav FE
W32.Clode71.Trojan
6.25%

Panda Antivirus
PUP/Conduit.A
6.25%

NANO AntiVirus
Trojan.Win32.ExFriendAlert.deiobm
6.25%

The domain d.exfriendalert.com has been seen to resolve to the following IP address.

184.168.221.72
ip-184-168-221-72.ip.secureserver.net
April 14, 2014

File downloads found at URLs served by d.exfriendalert.com.

1 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/452/.../Setup.exe  (8e7eeb6566dddc8dbd2b62e5ce2f92b2)

5 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/451/.../Setup.exe  (bc089646237706b1cfecacf9b3efb07f)

1 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/449/.../Setup.exe  (6879e80e0484017b4e7a46d5c7e696f5)

1 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/447/.../Setup.exe  (0e8280bb9925a2f0b703e8e023231408)

6 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/451/.../Setup.exe  (18ac825ca3626b2174fe2109bfaf89e2)

1 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/455/.../Setup.exe  (6ba3fe94844b98c991c84bbb2d17a664)

2 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/446/.../Setup.exe  (d2edb346507ac43da5075020a37e11d7)

11 / 68    (Adware)
http://d.exfriendalert.com/ExFriendAlert/453/.../Setup.exe  (3ed2319faca0fb839be574e21dcec44f)

2 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/451/.../Setup.exe  (1bf80462ea672b88f06753f847ec0769)

5 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/451/.../Setup.exe  (0f02fe5f92205fe114d5a473d84f9c5d)

9 / 68      (PUP)
http://d.exfriendalert.com/ExFriendAlert/446/.../Setup.exe  (5461afed60ff50acd34cde68140fda28)

2 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/300/.../Setup.exe  (32d25f61c4606446b3403715abd968c4)

2 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/446/.../Setup.exe  (843ccc6d38aced1125a41f4facd829a6)

10 / 68    (Adware)
http://d.exfriendalert.com/ExFriendAlert/447/.../Setup.exe  (93b26fe36bb896aaa533c132c7286ce8)

7 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/452/.../Setup.exe  (3bde17284f11296cb341d06e749937c3)

4 / 68      (Adware)
http://d.exfriendalert.com/ExFriendAlert/447/.../Setup.exe  (61ddee675d2ec15fc6dfd6269bf15ff1)

0 / 68
http://d.exfriendalert.com/ExFriendAlert/451/.../Setup.exe  (b256d97fbb697428b7a1286ea33539c0)

0 / 68
http://d.exfriendalert.com/ExFriendAlert/451/.../Setup.exe  (b256d97fbb697428b7a1286ea33539c0)

0 / 68
http://d.exfriendalert.com/ExFriendAlert/447/.../Setup.exe  (b256d97fbb697428b7a1286ea33539c0)

The following 6 files have been seen to comunicate with d.exfriendalert.com in live environments.

TCP » 184.168.221.72:80
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 184.168.221.72:443
translategenius.crx

TCP » 184.168.221.72:443
translategenius.crx

TCP » 184.168.221.72:443
translategenius.crx

TCP » 184.168.221.72:443
translategenius.crx

TCP » 184.168.221.72:80
UCBrowser.exe (UC Browser by UCWeb)

URL:
http://d.exfriendalert.com/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

evprczn.com

photoriga.com

quickbrowser.net

ultimate-torrent.com

ussool.info

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.