home

rar-file-open-knife.en.softonic.com

Domain Information

This domain is owned and operated by Softonic International.
Server location:
Catalonia, Spain (ES)

ASN:
AS51773 SOFTONIC-AS SOFTONIC INTERNATIONAL S.L.

Root domain:
softonic.com

Registered by:
Softonic International

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.PhilippBWinterberg.X, PUP.PhilippBWinterberg.Installer (M), PUP.Softonic.Bundler (M)
100.00%

Malwarebytes
PUP.Optional.OpenCandy
66.67%

Trend Micro House Call
TROJ_GEN.F47V1210
66.67%

ESET NOD32
Win32/OpenCandy potentially unsafe application
66.67%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
66.67%

Dr.Web
Threat.Undefined
66.67%

Agnitum Outpost
Riskware.OpenCandy
66.67%

G Data
NSIS.Application.OpenCandy
66.67%

Fortinet FortiGate
Riskware/OpenCandy
66.67%

Sophos
PUA.OpenCandy
66.67%

The domain rar-file-open-knife.en.softonic.com has been seen to resolve to the following IP address.

46.28.209.13
December 17, 2014

File downloads found at URLs served by rar-file-open-knife.en.softonic.com.

0 / 68
http://rar-file-open-knife.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAO5GjYLt2FuXfL6tICKFThXytc260JfxvHi3fjIc9cmRUh9eqYQqISSx4Ly3c4JgzfzaZuGT5GdY9vtF /.../0N1WKRrZ4SC3NwvCp0GFE2CqBM9SOboRDewuQTNEDrIw3yGjfakXSGvFTeAS6j35ikg==  (InstallRARFileOpenKnife.exe)

10 / 68    (Adware)
http://rar-file-open-knife.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAO5GjYLt2FuXfL6tICKFThXytc260JfxvHi3fjIc9cmRUh9eqYQqISSx4Ly3c4JgzfzaZuGT5GdY9vtF /.../0N1WKRrZ4SC3NwvCp0GFE2CqBM9SOboRDewuQTNEDrIw3yGjfakXSGvFTeAS6j35ikg==  (InstallRARFileOpenKnife.exe)

1 / 68      (PUP)
http://rar-file-open-knife.en.softonic.com/universaldownloader-launch  (softonicdownloader_for_rar-file-open-knife.exe)

10 / 68    (Adware)
http://rar-file-open-knife.en.softonic.com/download-tracker?th=1/.../rB47IKfIros7bULEg8FzukOw8Jwn67pl9LbMvZi6MQkY=  (InstallRARFileOpenKnife.exe)

The following 4 files have been seen to comunicate with rar-file-open-knife.en.softonic.com in live environments.

TCP » 46.28.209.13:80
OrbitDM.exe (Orbit Downloader by Orbitdownloader.com)

TCP » 46.28.209.13:80
kmp_3.8.0.122.exe (Softonic Downloader by Softonic)

TCP » 46.28.209.13:80
Client.exe

TCP » 46.28.209.13:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

softonic.com.br

softonic.com.it

softonic.com.fr

softonic.com.de

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.