sr2.systweak.com

SYSTWEAK INC

Domain Information

The domain sr2.systweak.com registered by SYSTWEAK INC was initially registered in September of 2001 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the RIPE Network Coordination Centre network.
Remove Malware from sr2.systweak.com - Powered by Reason Core Security
Registrar:
ENOM, INC.

Server location:
Virginia, United States (US)

Create date:
Friday, September 28, 2001

Expires date:
Wednesday, September 28, 2022

Updated date:
Monday, July 29, 2013

ASN:
AS16265 LEASEWEB LeaseWeb B.V.

Root domain:

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer.SystweakSoftware.CC, PUP.Installer.SystweakSoftware.e, PUP.SystweakSoftware.R, PUP.Optional.Installer.SystweakSoftware.g, PUP.Optional.SystweakSoftware.Q, PUP.Optional.SystweakSoftware.FF, PUP.Optional.Installer.b, PUP.Installer.ThePhoneSupportPvt.b
96.43%

ESET NOD32
Win32/Systweak, Win32/MyPCBackup
75.00%

Malwarebytes
PUP.Optional.RegCleanPro, PUP.Optional.RegCleanerPro
42.86%

Dr.Web
Program.Unwanted.31, Program.Unwanted.74, riskware program Program.Unwanted.74, riskware program Program.Unwanted.31
35.71%

Trend Micro House Call
TROJ_GEN.F47V1231, TROJ_GEN.F47V0123, TROJ_GEN.F47V0228, TROJ_GEN.F47V0321, TROJ_GEN.F47V0303
21.43%

G Data
Win32.Application.RegCleanPro
17.86%

McAfee
Artemis!A8ACB2012379, Artemis!D3E8275480A5, Artemis!EC2EDF135F90, Artemis!0951F65AB58C
14.29%

McAfee Web Gateway
Artemis!A8ACB2012379, Artemis!D3E8275480A5, Artemis!EC2EDF135F90, Artemis!0951F65AB58C
14.29%

Sophos
Registry Cleaner, PUA 'Install Core Click run software'
14.29%

AhnLab V3 Security
PUP/Win32.RegCleanPro
3.57%

Kaspersky
Packed.Win32.Krap
3.57%

VIPRE Antivirus
Backdoor.Win32.Bifrose.fsi
3.57%

ESET NOD32
Win32/Systweak.H potentially unwanted application
3.57%

K7 AntiVirus
Unwanted-Program
3.57%

K7 Gateway Antivirus
Unwanted-Program
3.57%

The domain sr2.systweak.com has been seen to resolve to the following IP address.

UPDATES3
December 27, 2013

File downloads found at URLs served by sr2.systweak.com.

3 / 68      (PUP)
https://sr2.systweak.com/.../?x-src=marm1&x-cam=marm1453041071es  (rcpsetupmarm1_marm1376194549be_adroi.exe)

3 / 68      (PUP)
https://sr2.systweak.com/.../?x-cam=apnnew2_2522428_es  (rcpsetupapnnew_apnnew2_2587041_jp.exe)

2 / 68      (PUP)

4 / 68      (PUP)
https://sr2.systweak.com/.../?x-cam=apnnew2_2228268_cl  (rcpsetupapnnew_apnnew2_1996961_tr.exe)

2 / 68      (PUP)
https://sr2.systweak.com/.../?x-src=apptvlatest&x-cam=apptvlatest_1946  (rcpsetupg_apptvlatest-apptvlatest_1946.exe)

3 / 68      (PUP)
https://sr2.systweak.com/.../?x-src=apptvlatest&x-cam=apptvlatest_1937  (rcpsetupg_apptvlatest-apptvlatest_2019.exe)

3 / 68      (PUP)
https://sr2.systweak.com/.../?x-src=marm1&x-cam=marm1203911984dk  (rcpsetupmarm1_marm1376194549be_adroi.exe)

7 / 68      (PUP)

7 / 68      (PUP)

2 / 68      (PUP)

7 / 68      (PUP)

4 / 68      (PUP)

3 / 68      (PUP)
https://sr2.systweak.com/.../?x-cam=apnnew2_1958946_us_bp  (rcpsetupapnnew_apnnew2_2587041_jp.exe)

3 / 68      (PUP)

2 / 68      (inconclusive)
https://sr2.systweak.com/.../?x-cam=apnnew2_1348202_ca_bp  (rcpsetupapnnew_apnnew2_1792085_au.exe)

5 / 68      (PUP)

3 / 68      (PUP)
https://sr2.systweak.com/.../?x-src=mapp1&x-cam=mapp11909212it  (rcpsetupmapp1_mapp11049808_ext_jp.exe)

4 / 68      (PUP)

3 / 68      (PUP)

3 / 68      (PUP)

7 / 68      (PUP)

2 / 68      (PUP)

6 / 68      (PUP)

4 / 68      (PUP)

7 / 68      (PUP)

3 / 68      (PUP)

5 / 68      (PUP)

3 / 68      (PUP)

3 / 68      (PUP)

3 / 68      (PUP)

 
Latest 30 of 470 download URLs

URL:
http://sr2.systweak.com/

SSL certificate subject:
CN=*.systweak.com, OU=PremiumSSL Wildcard, OU=Software, O=Systweak Software, STREET="572 & 573,Tower B-1, Village Kalwara,", STREET="IT/ITeS Mahindra World City,", STREET="Sanganer,", L=Jaipur, S=Rajasthan, PostalCode=302037, C=IN

SSL certificate issuer:
CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
Microsoft-IIS/7.5 (ASP.NET)

Compete.com:
US visitors:  88,304

Statistics are for the previous month.

Remove Malware from sr2.systweak.com - Powered by Reason Core Security