home

dl.winfixprofessionals.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.winfixprofessionals.com is registered by proxy through GODADDY.COM, LLC and was originally registered in December of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Phoenix, Arizona within the United States which resides on the Highwinds Network Group, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Thursday, December 4, 2014

Expires date:
Sunday, December 4, 2016

Updated date:
Saturday, April 18, 2015

ASN:
AS20446 HIGHWINDS3 - Highwinds Network Group, Inc.,US

Root domain:
winfixprofessionals.com

Whois:
1 winfixprofessionals.com record

Scanner detections:
Detections  (89% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.IMALINIMEDIATD, PUP.Optional.Installer, Threat.IMALI.Installer, PUP.IMALI.Installer, PUP.IMALI.IMALINIMEDIATD.Installer (M)
77.78%

Baidu Antivirus
PUA.Win32.ReImageRepair, Adware.Win32.Genome
66.67%

Dr.Web
Program.Unwanted.228, riskware program Program.Unwanted.455, is riskware program Program.Unwanted.228
55.56%

ESET NOD32
Win32/ReImageRepair.F potentially unwanted
55.56%

McAfee
Artemis!5DD3394EFD0E, Artemis!E4B7D8DF7267, Artemis!597BA3183C0B, Artemis!65DD15B5F30E
55.56%

Trend Micro House Call
Suspicious_GEN.F47V0210
44.44%

IKARUS anti.virus
PUA.ReImageRepair
44.44%

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
44.44%

Vba32 AntiVirus
AdWare.MSIL.OutBrowse
44.44%

Bkav FE
W32.HfsAdware
44.44%

AVG
Generic
33.33%

ESET NOD32
Win32/ReImageRepair.F potentially unwanted application, Win32/Adware.WinFix.B application
22.22%

Fortinet FortiGate
Riskware/ReImageRepair
22.22%

Kaspersky
Trojan-Downloader.Win32.Genome
11.11%

ViRobot
Trojan.Win32.A.Downloader.411333[h]
11.11%

The domain dl.winfixprofessionals.com has been seen to resolve to the following IP address.

205.185.208.80
vip080.ssl.hwcdn.net
January 5, 2016

File downloads found at URLs served by dl.winfixprofessionals.com.

9 / 68      (PUP)
http://dl.winfixprofessionals.com/.../WinFixProSetup.exe  (adv_77.exe)

12 / 68    (Adware)
http://dl.winfixprofessionals.com/.../WinFixProPackage1816.exe  (WinFixProPackage.exe)

1 / 68      (inconclusive)
http://dl.winfixprofessionals.com/.../WinFixProSetup.exe  (02ce8133c59d3fd39108f241f3fa1100)

10 / 68    (Adware)
http://dl.winfixprofessionals.com/.../WinFixProPackage1811.exe  (WinFixProPackage.exe)

6 / 68      (Adware)
http://dl.winfixprofessionals.com/.../WinFixPro.exe  (winfixprotemp.exe)

12 / 68    (Adware)
http://dl.winfixprofessionals.com/.../WinFixProPackage1816x64.exe  (WinFixProPackage.exe)

1 / 68      (Adware)
http://dl.winfixprofessionals.com/.../WinFixPro.exe  (d399c9eb0c54a1423ae859dac42602b6)

9 / 68      (Adware)
http://dl.winfixprofessionals.com/.../WinFixProPackage1811x64.exe  (WinFixProPackage.exe)

1 / 68      (Adware)
http://dl.winfixprofessionals.com/.../WinFixProSetup.exe  (adv_77.exe)

The following 137 files have been seen to comunicate with dl.winfixprofessionals.com in live environments.

TCP » 205.185.208.80:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 205.185.208.80:80
bdsetup.exe

TCP » 205.185.208.80:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 205.185.208.80:80
protectorpackagerr2016x64.exe (Reimage Protector by Reimage)

TCP » 205.185.208.80:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 205.185.208.80:80
UCBrowser.exe (by UCWeb)

TCP » 205.185.208.80:80
UCBrowser.exe (by UCWeb)

TCP » 205.185.208.80:80
UCBrowser.exe (by UCWeb)

TCP » 205.185.208.80:80
reimagerepair.exe (Reimage Repair by Reimage)

TCP » 205.185.208.80:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 205.185.208.80:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 205.185.208.80:80
reimagerepair.exe (Reimage Repair by Reimage)

TCP » 205.185.208.80:80
UCBrowser.exe (by UCWeb)

TCP » 205.185.208.80:80
crossbrowse.exe (Crossbrowse)

TCP » 205.185.208.80:80
UCBrowser.exe (by UCWeb)

TCP » 205.185.208.80:80
bobrowser.exe (BoBrowser by The BoBrowser Authors)

TCP » 205.185.208.80:80
reimagerepair.exe (Reimage Repair by Reimage)

TCP » 205.185.208.80:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 205.185.208.80:80
wikibrowser.exe (WikiBrowser by The WikiBrowser Authors)

TCP » 205.185.208.80:80
UCBrowser.exe (by UCWeb)

 
Latest 20 of 165 files

reimage.com

reimageplus.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.