home

offersrepo.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain offersrepo.com is registered by proxy through ENOM, INC. and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Provo, Utah within the United States which resides on the WEBSITEWELCOME.COM network.
Registrar:
ENOM, INC.

Server location:
Utah, United States (US)

Create date:
Wednesday, May 14, 2014

Expires date:
Sunday, May 14, 2017

Updated date:
Saturday, May 7, 2016

ASN:
AS46606 UNIFIEDLAYER-AS-1 - Unified Layer,US

Whois:
3 offersrepo.com records

Scanner detections:
Detections  (73% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.QUALITYSCORESL.I, PUP.Installer.QUALITYSCORESL.P, PUP.Installer.QUALITYSCORESL.T, PUP.Installer.QUALITYSCORESL.V
75.00%

Trend Micro House Call
Suspicious_GEN.F47V0118, Suspicious_GEN.F47V0123, Suspicious_GEN.F47V0130, Suspicious_GEN.F47V0414, Suspicious_GEN.F47V0516
50.00%

VIPRE Antivirus
Iminent
41.67%

Bkav FE
W32.HfsAdware
25.00%

Panda Antivirus
Generic Suspicious, PUP/iLivid, PUP/Multitoolbar
25.00%

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
25.00%

Avira AntiVirus
PCK/MSIL.Confuser, ADWARE/Colooader.354744
16.67%

Kaspersky
not-a-virus:Downloader.MSIL.Agent
16.67%

IKARUS anti.virus
AdWare.MSIL.Colooader
8.33%

NANO AntiVirus
Trojan.Win32.Click2.cxfbox
8.33%

Malwarebytes
PUP.Optional.QualityScore
8.33%

Sophos
QualityScore
8.33%

Quick Heal
Downloader.MSIL.r3 (Not a Virus)
8.33%

McAfee
Artemis!4AB59F2556CA
8.33%

Dr.Web
Adware.Colooader.7
8.33%

The domain offersrepo.com has been seen to resolve to the following IP address.

198.154.224.110
too.toolboox.com
August 19, 2014

File downloads found at URLs served by offersrepo.com.

2 / 68
http://offersrepo.com/download.php?__tc=1430436137242&downloadName=sony-vegas-pro.exe  (spybot.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1434431986198&downloadName=atube-catcher.exe  (google-toolbar.exe)

3 / 68      (Adware)
http://offersrepo.com/download.php?__tc=1424551877442&downloadName=viber.exe  (spybot-free.exe)

5 / 68      (PUP)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=free-pdf-to-word-converter.exe  (adwcleaner.exe)

1 / 68      (Adware)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=cutepdf-free.exe  (360-internet-security.exe)

1 / 68      (Adware)
http://offersrepo.com/download.php?__tc=1416989800246&signature=qualityscore&downloadName=google-chrome-29.exe  (advanced-systemcare.exe)

3 / 68      (Adware)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=sopcast.exe  (spybot-free.exe)

3 / 68      (Adware)
http://offersrepo.com/downloads.php?__tc=1426282883575&signature=qualityscorei3&downloadName=google-chrome.exe  (spybot-free.exe)

4 / 68      (Adware)
http://offersrepo.com/download.php?__tc=1419026641897&signature=qualityscore&downloadName=google-chrome-29.exe  (i2Dyn.exe)

5 / 68      (PUP)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=malwarebytes-free.exe  (adwcleaner.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1431785632308&downloadName=adwcleaner.exe&downloadName=adwcleaner.exe  (google-toolbar.exe)

7 / 68      (Adware)
http://offersrepo.com/download.php?__tc=1431785632308&downloadName=adwcleaner.exe  (ad-aware-11.exe)

2 / 68
http://offersrepo.com/download.php?__tc=1431647932857&downloadName=google-earth-7.exe  (spybot.exe)

1 / 68      (Adware)
http://offersrepo.com/download.php?signature=qualityscore&downloadName=winrar.exe  (advanced-systemcare.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1434282343545&downloadName=atube-catcher.exe&downloadName=atube-catcher.exe  (google-toolbar.exe)

3 / 68      (Adware)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=daemon-tools.exe  (adblock-plus.exe)

1 / 68      (Adware)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=dvd-shrink.exe  (360-internet-security.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=star-wars-battlefront.exe  (google-toolbar.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=cheat-engine.exe  (google-toolbar.exe)

7 / 68      (Adware)
http://offersrepo.com/download.php?__tc=1435193927078&downloadName=minecraft-1-7-2.exe&downloadName=minecraft-1-7-2.exe  (ad-aware-11.exe)

6 / 68      (PUP)
http://offersrepo.com/downloads.php?__tc=1434178564536&signature=qualityscorei3&downloadName=adblock-plus.exe  (google-toolbar.exe)

0 / 68
http://offersrepo.com/download.php?signature=husreni3&downloadName=minecraft-es.exe  (2a264251ce864c772b82e00f6c939208)

0 / 68
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=minecraft.exe  (f570517342a7727cf4e47e940aab249b)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1432145483276&downloadName=adobe-photoshop-free.exe  (google-toolbar.exe)

2 / 68
http://offersrepo.com/download.php?__tc=1431446425856&downloadName=atube-catcher.exe  (spybot.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1434406329599&downloadName=atube-catcher.exe  (google-toolbar.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1433182821104&downloadName=bluestacks-app-player.exe  (google-toolbar.exe)

6 / 68      (PUP)
http://offersrepo.com/download.php?__tc=1432919814278&downloadName=atube-catcher.exe  (google-toolbar.exe)

2 / 68
http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=skype-6.exe  (spybot.exe)

2 / 68      (Adware)
http://offersrepo.com/download.php?__tc=1412532072496&signature=qualityscore&downloadName=minecraft-forge.exe  (00000000)

 
Latest 30 of 555 download URLs

The following file have been seen to comunicate with offersrepo.com in live environments.

TCP » 198.154.224.110:80
Client.exe

URL:
http://offersrepo.com/

Web server:
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 (PHP/5.4.26)

develop2repo.com

developrepo.com

repo2develop.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.