home

snipli.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain snipli.com is registered by proxy through ENOM, INC. and was originally registered in June of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Newark, New Jersey within the United States which resides on the Linode network.
Registrar:
ENOM, INC.

Server location:
New Jersey, United States (US)

Create date:
Saturday, June 21, 2014

Expires date:
Tuesday, June 21, 2016

Updated date:
Sunday, May 24, 2015

ASN:
AS63949 LINODE-AP Linode, LLC, SG

Whois:
1 snipli.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.C4DLMedia (M), Adware.Amonetize, PUP.Amonetize.GoodTuesday (M), PUP.C4DLMedi (M), PUP.Amonetize.fjewNsisirMW (M), PUP.C4Media.SecureDownloadsX36 (M), Threat.Win.Reputation.IMP, PUP (M)
72.97%

Norman
Gen:Variant.Adware.Strictor.63623, Gen:Variant.Strictor.102331, Win32.Sality.3, Gen:Variant.Barys.977, Win32.SlugIn.A, Trojan.Generic.6753864
35.14%

Kaspersky
not-a-virus:AdWare.Win32.Agent, Trojan.Win32.Swisyn, Virus.Win32.Slugin
35.14%

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.63623, Gen:Variant.Graftor.265455, Gen:Variant.Strictor.102331, Win32.Sality, Gen:Variant.Barys.977, Trojan.Generic.6753864
32.43%

Microsoft Security Essentials
Threat.Undefined
27.03%

ESET NOD32
Win32/Amonetize.OL potentially unwanted application, Win32/Sality.NBA virus, Win32/VB.OSK trojan, Win32/Agent.NAG virus
24.32%

Dr.Web
Win32.Sector.30, Trojan.Siggen6.54687, Win32.Wplugin.1
24.32%

VIPRE Antivirus
Threat.4725471, Adware.Agent, Threat.4721115, Threat.4763461
21.62%

McAfee
Trojan.Artemis!E9933A8D9507, Virus.W32/Swisyn.ag, Trojan.Artemis!493C83B7F6C2, Program.StartSurf-FAP, Program.PUP-RGTP
21.62%

F-Prot
W32/Virut.AI!Generic, W32/VB.AD.gen
18.92%

avast!
Win32:VB-OJQ [Wrm], Win32:Patched-JI
18.92%

F-Secure
Variant.Strictor.102331, Win32.SlugIn.A, Trojan.Generic.6753864
16.22%

AVG
Generic_r, Win32/Sality, Win32/Slugin.A
10.81%

MicroWorld eScan
Gen:Variant.Graftor.265455, Gen:Variant.Application.LoadMoney.78
5.41%

Bitdefender
Gen:Variant.Graftor.265455, Gen:Variant.Application.LoadMoney.78
5.41%

The domain snipli.com has been seen to resolve to the following 31 IP addresses.

69.164.223.50
nb-69-164-223-50.newark.nodebalancer.linode.com
September 16, 2016

54.174.27.64
ec2-54-174-27-64.compute-1.amazonaws.com
May 27, 2016

54.172.138.95
ec2-54-172-138-95.compute-1.amazonaws.com
May 27, 2016

107.21.58.229
ec2-107-21-58-229.compute-1.amazonaws.com
May 21, 2016

52.203.125.44
ec2-52-203-125-44.compute-1.amazonaws.com
May 21, 2016

52.71.230.105
ec2-52-71-230-105.compute-1.amazonaws.com
May 17, 2016

52.72.225.246
ec2-52-72-225-246.compute-1.amazonaws.com
May 17, 2016

54.210.211.167
ec2-54-210-211-167.compute-1.amazonaws.com
April 18, 2016

52.73.78.211
ec2-52-73-78-211.compute-1.amazonaws.com
April 18, 2016

52.72.159.252
ec2-52-72-159-252.compute-1.amazonaws.com
April 15, 2016

52.200.132.196
ec2-52-200-132-196.compute-1.amazonaws.com
April 15, 2016

52.87.75.19
ec2-52-87-75-19.compute-1.amazonaws.com
April 13, 2016

107.21.36.185
ec2-107-21-36-185.compute-1.amazonaws.com
April 13, 2016

54.165.56.245
ec2-54-165-56-245.compute-1.amazonaws.com
April 5, 2016

54.85.186.193
ec2-54-85-186-193.compute-1.amazonaws.com
April 5, 2016

52.4.118.107
ec2-52-4-118-107.compute-1.amazonaws.com
April 3, 2016

52.22.157.8
ec2-52-22-157-8.compute-1.amazonaws.com
April 3, 2016

54.209.20.245
ec2-54-209-20-245.compute-1.amazonaws.com
March 2, 2016

52.22.46.129
ec2-52-22-46-129.compute-1.amazonaws.com
March 2, 2016

52.20.174.214
ec2-52-20-174-214.compute-1.amazonaws.com
February 27, 2016

54.85.198.189
ec2-54-85-198-189.compute-1.amazonaws.com
February 27, 2016

52.86.29.237
ec2-52-86-29-237.compute-1.amazonaws.com
February 24, 2016

52.4.29.3
ec2-52-4-29-3.compute-1.amazonaws.com
February 24, 2016

52.22.113.178
ec2-52-22-113-178.compute-1.amazonaws.com
February 21, 2016

54.209.184.76
ec2-54-209-184-76.compute-1.amazonaws.com
February 21, 2016

52.73.60.242
ec2-52-73-60-242.compute-1.amazonaws.com
February 15, 2016

52.22.187.229
ec2-52-22-187-229.compute-1.amazonaws.com
February 15, 2016

52.1.216.152
ec2-52-1-216-152.compute-1.amazonaws.com
February 13, 2016

54.164.209.82
ec2-54-164-209-82.compute-1.amazonaws.com
February 13, 2016

54.88.242.117
ec2-54-88-242-117.compute-1.amazonaws.com
February 9, 2016

 
Showing 30 of 31 IP Addresses

File downloads found at URLs served by snipli.com.

1 / 68      (Malware)
http://snipli.com/qqq  (st719823.exe)

1 / 68      (Malware)
http://snipli.com/ggg  (st_091283.exe)

1 / 68      (PUP)
http://snipli.com/vvv  (st_091286.exe)

The following file have been seen to comunicate with snipli.com in live environments.

TCP » 52.1.216.152:443
citrio.exe (Citrio by CatalinaGroup)

URL:
http://snipli.com/

Google Analytics:
UA-63010812

Title:
“Snipli.com - Stable, secure and fast URL Shortener”

Description:
“Why compromise with a LONG URL when you can just SNIP IT?”

SSL certificate subject:
CN=*.snipli.com, OU=EssentialSSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx/1.6.3 (PHP/5.6.10)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.