home

secured.atouristwest.us

Admonetizer Inc

Domain Information

The domain secured.atouristwest.us registered by Admonetizer Inc was initially registered in April of 2015 through GoDaddy.com, Inc.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, INC.

Server location:
Arizona, United States (US)

Create date:
Monday, April 20, 2015

Expires date:
Tuesday, April 19, 2016

Updated date:
Monday, April 20, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:
atouristwest.us

Whois:
2 atouristwest.us records

Scanner detections:
Detections  (73% detected)

Scan engine
Details
Detections

Avira AntiVirus
PUA/Vittalia.Gen, PUA/InstallMonetizer.Gen
66.67%

Malwarebytes
PUP.Optional.Clara.A, PUP.Optional.CheckOffer
66.67%

herdProtect (fuzzy)
a variant of b436aa6cf7b27346e63a249b64200fcde3344fb2, a variant of 6b8036db5f96e735862e34159dc0165d0dfe36e5, a variant of c39047652a430c048b8ff963317b6eb9f1038e6e
55.56%

SUPERAntiSpyware
Adware.InstallMonetizer/Variant
55.56%

NANO AntiVirus
Trojan.Nsis.Downloader.djhpgw, Riskware.Win32.InstallMonetizer.dymuwe
55.56%

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF, NS:PUF.SilenceInstaller!1.9DDF[F1], PE:Malware.Generic/QRS!1.9E2D [F]
55.56%

Reason Heuristics
PUP.Installer.DuuquGroupOU.Q, PUP.ClaraLabSoftware.Installer (M), Threat.Win.Reputation.IMP, Adware.Bundler (M)
44.44%

Dr.Web
Trojan.DownLoad3.25843, Adware.Iminent.66, Adware.InstallMonetizer.1
33.33%

ESET NOD32
Win32/InstallMonetizer.BG potentially unwanted application, Win32/InstallMonetizer.BJ potentially unwanted application
33.33%

Baidu Antivirus
PUA.Win32.InstallMonetizer
33.33%

ESET NOD32
Win32/InstallMonetizer.BG potentially unwanted
22.22%

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen
22.22%

VIPRE Antivirus
Threat.4786532
11.11%

Trend Micro House Call
Suspici.1B63843A
11.11%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
11.11%

The domain secured.atouristwest.us has been seen to resolve to the following IP address.

184.168.221.43
ip-184-168-221-43.ip.secureserver.net
May 16, 2016

File downloads found at URLs served by secured.atouristwest.us.

15 / 68    (PUP)
http://secured.atouristwest.us/VuuPC_VO2_8907.exe  (nst828f.tmp)

9 / 68      (PUP)
http://secured.atouristwest.us/Bing_Real_Bar_195.exe  (installer_run.exe)

2 / 68      (Adware)
http://secured.atouristwest.us/.../duuqu.exe  (DuuquUpdateSetup.exe)

3 / 68      (inconclusive)
http://secured.atouristwest.us/.../WindeskWinsearch_silent_s3.exe  (c4a0af781fce9185c072793311a50bc3)

8 / 68      (PUP)
http://secured.atouristwest.us/New_Offer_10152.exe  (installer.exe)

0 / 68
http://secured.atouristwest.us/Mp3_Converter0313_7470.exe  (installmanager.exe)

0 / 68
http://secured.atouristwest.us/VuuPC_VO2_8907.exe  (nsff035.tmp)

1 / 68      (Malware)
http://secured.atouristwest.us/VuuPC_VO2_8907.exe  (b869c3eeb26fd0ae9fe701ab02f5707a)

5 / 68      (PUP)
http://secured.atouristwest.us/.../Bobrowser.exe  (15b994ee45a834eefd31c4f72411def2)

8 / 68      (PUP)
http://secured.atouristwest.us/VuuPC_VO2_8907.exe  (nsfe129.tmp)

8 / 68      (PUP)
http://secured.atouristwest.us/VuuPC_VO2_8907.exe  (nswf246.tmp)

The following 144 files have been seen to comunicate with secured.atouristwest.us in live environments.

TCP » 184.168.221.43:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 184.168.221.43:80
b2e0fae2-7cef-450e-8ef7-0de243483f10-1-7.exe (CinemaP-1.8cV11.04 by Cinema PlusV11.04)

TCP » 184.168.221.43:80
206da5ff-1c37-4174-a468-774376dbcbb6-10.exe (CinemaPlus-3.2cV10.04 by Cinema PlusV10.04)

TCP » 184.168.221.43:80
9fbdbfea-3a64-4f48-8828-98caa5921c35-10.exe (CinemaPlus-3.2cV11.04 by Cinema PlusV11.04)

TCP » 184.168.221.43:80
4f3d6b11-6625-41c5-86c1-8ced8ad6159d-1-7.exe (SavePass 1.1 by OB)

TCP » 184.168.221.43:80
cinpl2.3c-codedownloader.exe (CinPl2.3c by CinPl)

TCP » 184.168.221.43:80
e36f6451-1eeb-4578-8da1-ab6415879aee-10.exe (Discount_Frenzy by DiscountFrenzy)

TCP » 184.168.221.43:80
7f2b68ab-6b5b-4727-8991-fadbbb21ac43-10.exe (CinemaPlus-3.2cV09.04 by Cinema PlusV09.04)

TCP » 184.168.221.43:80
1adc2624-11a7-41ce-bc29-0d3faaa8254a-10.exe (CinemaPlus-3.2cV06.04 by Cinema PlusV06.04)

TCP » 184.168.221.43:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.168.221.43:80
b2e0fae2-7cef-450e-8ef7-0de243483f10-10.exe (CinemaP-1.8cV11.04 by Cinema PlusV11.04)

TCP » 184.168.221.43:80
d28ee7aa-58af-44de-b0ce-c9db6caf266c-1-7.exe (Ge-Force by Webar)

TCP » 184.168.221.43:80
206da5ff-1c37-4174-a468-774376dbcbb6-1-7.exe (CinemaPlus-3.2cV10.04 by Cinema PlusV10.04)

TCP » 184.168.221.43:80
7e38d7bc-e120-425c-a1be-588dcd98bacf-1-7.exe (GoHDV11.04 by InstallMoonV11.04)

TCP » 184.168.221.43:80
6eb7e4e7-637f-4aaf-9319-46b4213a0e3b-7.exe (Ge-Force by Webar)

TCP » 184.168.221.43:80
1e4fc0d7-d5bd-404c-a6bf-96ac70b26f48-4.exe (CinPl2.3c by CinPl)

TCP » 184.168.221.43:80
4ae13859-92aa-4f07-a123-8804bfef6e86-1-7.exe (Ge-Force by Webar)

TCP » 184.168.221.43:80
hd-quality-v3-codedownloader.exe (HD-Quality-v3)

TCP » 184.168.221.43:443
spacesoundpro.exe (Space Sound Pro)

TCP » 184.168.221.43:80
6330e82a-2ee9-496a-9d86-aee7ba55dab4-7.exe (Sense by Sense+)

 
Latest 20 of 145 files

0107design.info

0109shop.info

0112app.info

0121b.info

0139a.info

controlmedium.info

ddlmediakat1002.info

download-repair.com

downloaddaub.com

downloaddesktop2.com

downward1212.info

dryinstall.com

everyday-families.com

exfilestransfer.com

file172desktop.info

hatcard.com

jotready.com

labsencode.info

mirror2.info

pagerage.com

sibilance.info

softohqimjjedf0jq.com

static1983cdn.com

tuneuplabs.com

video-media-download.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.