home

playnow.chaseswing.eu

NOT DISCLOSED!  (Proxy Registrant)

Domain Information

The domain playnow.chaseswing.eu is registered by proxy through Internet.bs Corp.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Redwood City, California within the United States which resides on the SKYE network.
Registrar:
Internet.bs Corp.

Server location:
California, United States (US)

ASN:
AS26008 NOMINUM-SKYE1 - SKYE

Root domain:
chaseswing.eu

Whois:
1 chaseswing.eu record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
DownloadManager.AirSoftware.F, PUP.Air Software.AirSoftware.Bundler (M), PUP.Softpulse.DigitalPlugin.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.Outbrowse.Outborwse.Installer (M), PUP.InstallCore.AVSoftware.Installer (M), PUP.Tuguu.Bundler (M), PUP.Softpulse.Softforc.Bundler (M), PUP.Bundlore.Installer.Installer (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Air Software (M)
100.00%

Malwarebytes
PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller
24.32%

avast!
Win32:Installer-L [PUP], Malware-gen, Win32:Adware-gen [Adw]
24.32%

Comodo Security
Application.Win32.AirAdInstaller.A, Application.Win32.AirAdInstaller.B
24.32%

Dr.Web
Adware.Downware.2035, Trojan.SMSSend.4881, Trojan.SMSSend.4953
24.32%

VIPRE Antivirus
Iminent, Threat.4150696
24.32%

Sophos
AirInstaller
24.32%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
24.32%

Qihoo 360 Security
HEUR/Malware.QVM01.Gen
24.32%

Agnitum Outpost
PUA.AirAd, PUA.AirAdInstaller
24.32%

Avira AntiVirus
ADWARE/Adware.Gen, Adware/AgentCV.A.6255
24.32%

Vba32 AntiVirus
AdWare.AirAdInstaller.ajov
24.32%

AhnLab V3 Security
PUP/Win32.AirAdInstaller
24.32%

IKARUS anti.virus
Win32.Malware, Win32.AdWare, Win32.SuspectCrc
24.32%

AVG
Generic_r, Adware BundleApp_r.D, InstallCore
24.32%

The domain playnow.chaseswing.eu has been seen to resolve to the following 3 IP addresses.

195.22.26.248
anubisnetworks.com
February 10, 2016

185.12.118.2
February 6, 2016

199.101.28.20
search.dnsassist.verizon.net
May 30, 2014

File downloads found at URLs served by playnow.chaseswing.eu.

1 / 68      (Adware)
http://playnow.chaseswing.eu/AIRsoftwarecpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.chaseswing.eu/AIRsoftwareupdatercpaCA.html  (setup.exe)

1 / 68      (Adware)
http://playnow.chaseswing.eu/AIRmediaplayercpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.chaseswing.eu/AIRsoftwareupdatecpaFR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.chaseswing.eu/AIRmediaplayerupdateALL.html  (media player update.exe)

1 / 68      (Adware)
http://playnow.chaseswing.eu/AIRdrivercpaFR.html  (setup.exe)

The following 199 files have been seen to comunicate with playnow.chaseswing.eu in live environments.

TCP » 195.22.26.248:80
wnz.exe

TCP » 195.22.26.248:80
feowyxczbl.exe

TCP » 195.22.26.248:8000
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
SoftwareUpdate.exe (TopShape.me by Keen Internet Technologies)

TCP » 195.22.26.248:80
masterupdater.exe

TCP » 195.22.26.248:80
monhost.exe (monhost.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
monhost.exe (monhost.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
SoftwareUpdate.exe (Software Updater by Auto-Update.me)

TCP » 195.22.26.248:81
traymgr.exe (Windows Update AutoUpdate Client by Microsoft)

TCP » 195.22.26.248:80
plus-hd-1.8-updater.exe (Plus-HD-1.8 by Plus HD)

TCP » 195.22.26.248:8000
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
vcredistx86.exe

TCP » 195.22.26.248:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.22.26.248:80
uninst_.exe (Stereo Panel App by Stereo Panel)

TCP » 195.22.26.248:80
netutils2016.exe

TCP » 195.22.26.248:80
monhost.exe (monhost.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
monhost.exe (monhost.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
monhost.exe (monhost.exe by Vested Development, Inc)

TCP » 195.22.26.248:80
cqnoxqucxl.exe

TCP » 195.22.26.248:80
monhost.exe (monhost.exe by Vested Development, Inc)

 
Latest 20 of 219 files

URL:
http://playnow.chaseswing.eu/

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.