The domain d.webshieldonline.com is registered by proxy through GODADDY.COM, LLC and was originally registered in September of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrant:
Domains By Proxy, LLC
Registrar:
GODADDY.COM, LLC
Server location:
Virginia, United States (US)
Create date:
Tuesday, September 10, 2013
Expires date:
Saturday, September 10, 2016
Updated date:
Thursday, September 10, 2015
ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US
Scanner detections:
Detections (91% detected)
Scan engine
Details
Detections
Reason Heuristics
PUP.Softdelu.Installer (M), PUP.Installer.ParallelLinesDevelopment.F, PUP.Installer.ParallelLinesDevelopment.CC, PUP.Installer.Outbrowse, PUP.Injekt.ParallelLinesDevelopment.Installer (M), PUP.Injekt.Parallel.Installer (M)
100.00%
Dr.Web
Adware.Plugin.128, Adware.Downware.2081
57.14%
Malwarebytes
PUP.Optional.InternetUpdater.A, PUP.Optional.WebShield, PUP.Optional.MultiExtension.A, PUP.Optional.OutBrowse
52.38%
Agnitum Outpost
PUA.PullUpdate, PUA.OutBrowse
42.86%
VIPRE Antivirus
Adware.Win32.SaMon, Threat.4872425, Threat.4784459
33.33%
ESET NOD32
MSIL/Adware.PullUpdate
33.33%
McAfee
Artemis!E788D6465D51, Artemis!20CA9FC162BC, Artemis!ECA82EE1E581, Artemis!5390E987C579, Artemis!E1A777A98AC3, Program.Adware-OutBrowse.a
28.57%
Vba32 AntiVirus
TScope.Trojan.MSIL
28.57%
Kaspersky
not-a-virus:AdWare.Win32.SaMon, not-a-virus:AdWare.Win32.OutBrowse
28.57%
Trend Micro House Call
TROJ_GEN.F47V1225, TROJ_GE.0C72B010, TROJ_GEN.F47V0325, TROJ_GE.05C4FC3B
23.81%
K7 AntiVirus
Unwanted-Program , Adware
23.81%
Comodo Security
ApplicUnwnt
23.81%
Sophos
Generic PUA JF, Generic PUA LL, PUA 'OutBrowse Revenyou'
23.81%
Fortinet FortiGate
Adware/SaMon
19.05%
Qihoo 360 Security
Win32/Trojan.Adware.fb2, Win32/Trojan.Adware.988
14.29%
The domain d.webshieldonline.com has been seen to resolve to the following 124 IP addresses.
server-52-85-131-216.iad53.r.cloudfront.net
August 8, 2016
server-52-85-131-171.iad53.r.cloudfront.net
August 8, 2016
server-52-85-131-141.iad53.r.cloudfront.net
August 8, 2016
server-52-85-131-75.iad53.r.cloudfront.net
August 8, 2016
server-52-85-131-38.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-28.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-14.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-211.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-174.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-159.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-154.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-145.iad53.r.cloudfront.net
August 3, 2016
server-52-85-131-196.iad53.r.cloudfront.net
July 14, 2016
server-52-85-131-136.iad53.r.cloudfront.net
July 14, 2016
server-52-85-131-20.iad53.r.cloudfront.net
July 14, 2016
server-52-85-131-237.iad53.r.cloudfront.net
July 14, 2016
server-52-85-131-212.iad53.r.cloudfront.net
July 14, 2016
server-52-85-131-208.iad53.r.cloudfront.net
July 14, 2016
server-52-85-131-113.iad53.r.cloudfront.net
June 19, 2016
server-52-85-131-110.iad53.r.cloudfront.net
June 19, 2016
server-52-85-131-90.iad53.r.cloudfront.net
June 19, 2016
server-52-85-131-8.iad53.r.cloudfront.net
June 19, 2016
server-52-85-131-222.iad53.r.cloudfront.net
June 19, 2016
server-52-85-131-189.iad53.r.cloudfront.net
June 19, 2016
server-52-85-131-29.iad53.r.cloudfront.net
May 20, 2016
server-52-85-131-23.iad53.r.cloudfront.net
May 20, 2016
server-52-85-131-19.iad53.r.cloudfront.net
May 20, 2016
server-52-85-131-15.iad53.r.cloudfront.net
May 20, 2016
server-52-85-131-249.iad53.r.cloudfront.net
May 20, 2016
server-52-85-131-102.iad53.r.cloudfront.net
May 20, 2016
Showing 30 of 124 IP Addresses
File downloads found at URLs served by d.webshieldonline.com.
The following 54 files have been seen to comunicate with d.webshieldonline.com in live environments.
URL:
http://d.webshieldonline.com/
Network:
Amazon Cloudfront