home

minilua-miniluacom.netdna-ssl.com

NetDNA, LLC.

Domain Information

The domain minilua-miniluacom.netdna-ssl.com registered by NetDNA, LLC. was initially registered in February of 2011 through MARKMONITOR INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Jose, California within the United States which resides on the SoftLayer Technologies Inc. network.
Registrar:
MARKMONITOR INC.

Server location:
California, United States (US)

Create date:
Wednesday, February 2, 2011

Expires date:
Thursday, February 2, 2017

Updated date:
Wednesday, October 16, 2013

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc., US

Root domain:
netdna-ssl.com

Whois:
1 netdna-ssl.com record

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.ExtendedSetup.O, PUP.Installer.MaxSetup.O, PUP.Installer.STMSetup.O, PUP.installCore.MaxSetup.Installer (M), PUP.installCore.WorldSetup.Installer (M), PUP.installCore.STMSetup.Installer (M), PUP.installCore.WorldSet.Installer (M), PUP.installCore.Extended.Installer (M)
92.31%

K7 AntiVirus
Unwanted-Program , Trojan
17.95%

Dr.Web
Trojan.Packed.24524, Adware.InstallCore.386, Trojan.DownLoader11.13453
17.95%

Sophos
Install Core Click run software
17.95%

VIPRE Antivirus
InstallCore, InstallCore.b, Threat.4786018
15.38%

Avira AntiVirus
ADWARE/InstallCore.A.9, ADWARE/InstallCore.Gen7, Adware/InstallCore.A.439, Adware/InstallCore.A.577, ADWARE/InstallCore.Gen9
15.38%

Vba32 AntiVirus
Downware.InstallCore, AdWare.InstallCore
12.82%

AVG
MalSign.InstallC, Generic
12.82%

Qihoo 360 Security
Malware.QVM20.Gen, Win32/Virus.Adware.f22
10.26%

ESET NOD32
Win32/InstallCore.OU potentially unwanted application, Win32/InstallCore.ON potentially unwanted application
10.26%

Baidu Antivirus
Trojan.Win32.InstallCore, Adware.Win32.Somoto
10.26%

ESET NOD32
Win32/InstallCore.IJ (variant), Win32/Kryptik.BWAM (variant), Win32/Somoto
7.69%

Norman
InstallCore.CERT
7.69%

Trend Micro House Call
Suspicious_GEN.F47V0721, Suspicious_GEN.F47V1115
7.69%

Kaspersky
not-a-virus:AdWare.Win32.InstallCore
7.69%

The domain minilua-miniluacom.netdna-ssl.com has been seen to resolve to the following 4 IP addresses.

50.23.99.148
94.63.1732.ip4.static.sl-reverse.com
May 16, 2016

94.31.29.227
94.31.29.227.IPYX-077437-ZYO.above.net
March 1, 2016

108.161.187.32
May 31, 2014

94.31.29.224
94.31.29.224.IPYX-077437-ZYO.above.net
February 8, 2014

File downloads found at URLs served by minilua-miniluacom.netdna-ssl.com.

1 / 68      (Adware)
https://minilua-miniluacom.netdna-ssl.com/megacubo/.../  (megacubo_setup.exe)

1 / 68      (Adware)
https://minilua-miniluacom.netdna-ssl.com/megacubo/.../?ver=10.9.1  (megacubo_setup.exe)

2 / 68      (false positives)
https://minilua-miniluacom.netdna-ssl.com/megacubo/.../Megacubo_10.9.9.exe  (wrar420.exe)

1 / 68      (inconclusive)
https://minilua-miniluacom.netdna-ssl.com/megacubo/.../?ver=10.9.0  (f_000a65)

The following 5 files have been seen to comunicate with minilua-miniluacom.netdna-ssl.com in live environments.

TCP » 50.23.99.148:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.23.99.148:80
megacubo.exe (Megacubo by www.megacubo.net)

TCP » 50.23.99.148:80
wikithemes.exe

TCP » 50.23.99.148:80
bobrowser.exe (BoBrowser by The BoBrowser Authors)

TCP » 94.31.29.224:80
client.exe

URL:
http://minilua-miniluacom.netdna-ssl.com/

Google Analytics:
UA-16008425

Title:
“X2 Network”

SSL certificate subject:
CN=*.netdna-ssl.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
NetDNA-cache/2.2

minilua.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.