home

lmw.safedownloads.co

Systweak Software

Domain Information

The domain lmw.safedownloads.co registered by Systweak Software was initially registered in August of 2013 through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Limelight Networks, Inc. network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Virginia, United States (US)

Create date:
Thursday, August 22, 2013

Expires date:
Sunday, August 21, 2016

Updated date:
Thursday, October 1, 2015

ASN:
AS22822 LLNW-AS Limelight Networks, INC. proxy AS object

Root domain:
safedownloads.co

Whois:
4 safedownloads.co records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Systweak.Installer.Meta (L), PUP.installCore.NewSoftw.Installer (M)
100.00%

The domain lmw.safedownloads.co has been seen to resolve to the following 4 IP addresses.

208.111.160.6
cdn-208-111-160-6.iad.llnw.net
March 15, 2014

208.111.161.254
cdn-208-111-161-254.iad.llnw.net
March 15, 2014

208.111.128.6
February 7, 2014

208.111.128.7
February 7, 2014

File downloads found at URLs served by lmw.safedownloads.co.

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_softonic_new_de_ros_new.exe  (c07feafcc1a9e0320b4ee5ceff62aa9a)

1 / 68      (Adware)
http://lmw.safedownloads.co/.../sysrc_trial.exe  (pobierz_regclean_pro_v7.exe)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_dcomnewros728_dcomnewros728.exe  (69747a5d1b4f63cc452a9e779ad825da)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_cpx_cpx.exe  (ccf4b367c1a7fe667e558a334b6dd257)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_softonic_new_es_pd_new.exe  (8f855d41d59fe4ce74a8a431595065b3)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_softonic_englobal.exe  (3cf81999418ee96d99479b7dff769e5b)

1 / 68      (PUP)
http://lmw.safedownloads.co/.../sysrc_trial.exe  (9aee087324db35c74ca2c8464110b538)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_2005_file.net_ab_EN-iCh.exe  (30e851807189d1a24ac242b7fa219810)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_dcomnew_sec_728_dcomnew_sec_728.exe  (rcpsetup1_dcomnew_sec_728_dcomnew_sec_728.exe)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_2005_file.net_ab_EN-iChHint.exe  (cc597fe1bef5f0aab0d5e9021b133f0f)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_2005_neub_EN-RegPro.exe  (4c54b46382338c2a1ca884c6b5b09b62)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../adusetup_ashampoo.exe  (f82be065bc9af68ffcdc14d01dff81dc)

1 / 68      (PUP)
http://lmw.safedownloads.co/downloads/.../rcpsetup_2005.exe  (6389a2ebb2ae7cbed34289a35adfadf0)

The following 150 files have been seen to comunicate with lmw.safedownloads.co in live environments.

TCP » 208.111.161.254:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.160.6:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.128.6:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.128.7:80
AppVerifierapc.exe (AppApcVerifier)

TCP » 208.111.128.7:80
k9pcp.exe (k9pcp by K9Tools)

TCP » 208.111.161.254:80
crossbrowse.exe (Crossbrowse)

TCP » 208.111.128.7:80
Patcher.exe (Audition Patcher by Axeso5.com)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.128.6:80
sysmon.exe (SysMon)

TCP » 208.111.128.6:80
pcsp.exe (PC Speedup Pro by pcspeeduppro.com)

TCP » 208.111.161.254:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.111.128.7:80
sysmon.exe (SysMon)

TCP » 208.111.128.6:80
asc.exe (Advance-System Care by advancedpctools.com)

TCP » 208.111.128.7:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.161.254:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 208.111.128.6:80
Patcher.exe (Audition Patcher by Axeso5.com)

TCP » 208.111.160.6:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 208.111.160.6:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 208.111.128.7:80
AdvancedSystemProtector.exe (ASP)

TCP » 208.111.160.6:80
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 292 files

URL:
http://lmw.safedownloads.co/

Web server:
nginx/1.6.2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.