home

member.20dollars2surf.com

ITWEB Domain Protection

Domain Information

The domain member.20dollars2surf.com registered by ITWEB Domain Protection was initially registered in December of 2015 through OVH. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.
Registrar:
TOP PICK NAMES LLC

Server location:
Victoria, Australia (AU)

Create date:
Friday, December 25, 2015

Expires date:
Sunday, December 25, 2016

Updated date:
Wednesday, January 20, 2016

ASN:
AS133618 TRELLIAN-AS-AP Trellian Pty. Limited,AU

Root domain:
20dollars2surf.com

Whois:
3 20dollars2surf.com records

Scanner detections:
Detections  (87% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.GalacticBros.2Surf.Installer.Meta (M), PUP.Installer.ClickMeInLimited.F, PUP.GalacticBros.2Surf (M)
81.48%

Dr.Web
Adware.Toolbar.149, Trojan.Packed.24524, Threat.Undefined, - infected container c:\users\test\appdata\local\temp\b2f90e5b837a90194ca68a39f324aaaf06f63d2b Troj
25.93%

ESET NOD32
Win32/D2Surf, Win32/InstallCore.HZ, Win32/InstallCore.IE (variant)
14.81%

Bkav FE
W32.Clod253.Trojan
11.11%

NANO AntiVirus
Trojan.Win32.Toolbar.cqtnbo
11.11%

ESET NOD32
Win32/D2Surf.A potentially unsafe application
11.11%

McAfee
Artemis!201F7E3DD4D1, Artemis!AB5030686456
7.41%

Malwarebytes
PUP.Optional.InstallCore
7.41%

Trend Micro House Call
TROJ_GEN.F47V1220, TROJ_GEN.F47V0120
7.41%

Vba32 AntiVirus
Downware.InstallCore
7.41%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
7.41%

Fortinet FortiGate
Riskware/InstallCore
7.41%

herdProtect (fuzzy)
a variant of 9ffde2fc6398c5f9f14c2fc5301b470cca563c4c
3.70%

The domain member.20dollars2surf.com has been seen to resolve to the following 2 IP addresses.

103.224.182.252
lb-182-252.above.com
February 1, 2016

62.210.162.44
62-210-162-44.rev.poneytelecom.eu
January 10, 2014

File downloads found at URLs served by member.20dollars2surf.com.

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_88804295.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_11573942.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_55164565.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_69262815.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_77784984.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_32498251.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_43511134.exe  (setup.exe)

9 / 68      (Adware)
http://member.20dollars2surf.com/innosetup_17713836.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_87331022.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_19336987.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_33182670.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_37731208.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_83147426.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_72062217.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_32349954.exe  (setup.exe)

0 / 68
http://member.20dollars2surf.com/innosetup_96987432.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_89076179.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_53579561.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_77828558.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_36309936.exe  (setup.exe)

2 / 68      (Malware)
http://member.20dollars2surf.com/innosetup_75299098.exe  (setup.exe)

0 / 68
http://member.20dollars2surf.com/innosetup_19468150.exe  (setup.exe)

2 / 68      (Malware)
http://member.20dollars2surf.com/innosetup_21134476.exe  (setup.exe)

5 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_93615175.exe  (setup 20dollars2surf.exe)

4 / 68      (Malware)
http://member.20dollars2surf.com/innosetup_34742236.exe  (setup.exe)

0 / 68
http://member.20dollars2surf.com/innosetup_91022437.exe  (bd44283e00c74772a8be20571f08e3b8)

4 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_61089875.exe  (setup.exe)

0 / 68
http://member.20dollars2surf.com/innosetup_59681653.exe  (setup.exe)

1 / 68      (PUP)
http://member.20dollars2surf.com/innosetup_50447194.exe  (setup.exe)

The following 33 files have been seen to comunicate with member.20dollars2surf.com in live environments.

TCP » 103.224.182.252:80
crossbrowse.exe (Crossbrowse)

TCP » 103.224.182.252:80
2799.exe

TCP » 103.224.182.252:80
crossbrowse.exe (Crossbrowse)

TCP » 103.224.182.252:80
crossbrowse.exe (Crossbrowse)

TCP » 103.224.182.252:80
crossbrowse.exe (Crossbrowse)

TCP » 103.224.182.252:80
3016.exe

TCP » 103.224.182.252:80
crossbrowse.exe (Crossbrowse)

TCP » 103.224.182.252:80
utility.exe

TCP » 103.224.182.252:80
9096.exe

TCP » 103.224.182.252:80
nshc7dd.tmp

TCP » 103.224.182.252:80
1057.exe

TCP » 103.224.182.252:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.252:80
utility.exe

TCP » 103.224.182.252:80
2014.exe

TCP » 103.224.182.252:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 103.224.182.252:80
3862.exe

TCP » 103.224.182.252:80
utility.exe

TCP » 103.224.182.252:80
utility.exe

TCP » 103.224.182.252:80
3919.exe

TCP » 103.224.182.252:80
crossbrowse.exe (Crossbrowse)

 
Latest 20 of 33 files

URL:
http://member.20dollars2surf.com/

Web server:
Apache

4shared.net

ewebdomrec.com

iomega.com

linksysbycisco.com

loaderus.com

madeenacall9.net

stairbucks.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.