home

tools.safezone.cc

Private person  (Proxy Registrant)

Domain Information

The domain tools.safezone.cc is registered by proxy through REGTIME LTD. and was originally registered in January of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Kiev, Kyyiv within Ukraine which resides on the RIPE Network Coordination Centre network.
Registrar:
REGTIME LTD.

Server location:
Kyyiv, Ukraine (UA)

Create date:
Monday, January 31, 2011

Updated date:
Wednesday, October 29, 2014

ASN:
AS42331 FREEHOST PE Freehost,UA

Root domain:
safezone.cc

Whois:
3 safezone.cc records

Scanner detections:
Detections  (70% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SafeZone.glax24safezonecc.Meta, PUP.SecurityCheck.glax24safezonecc.Meta, PUP.SafeZone.glax24safezonecc.Meta (M), PUP.SafeZone.glax24sa.Meta (M)
100.00%

Vba32 AntiVirus
Trojan-Downloader.Autoit.gen, Trojan.Autoit.F
71.43%

Trend Micro House Call
TROJ_GEN.F47V0322, Suspicious_GEN.F47V1229, Suspicious_GEN.F47V0415
42.86%

Qihoo 360 Security
Malware.QVM10.Gen, HEUR/Malware.QVM11.Gen, HEUR/QVM11.1.Malware.Gen
42.86%

AegisLab AV Signature
Troj.FakeAV.W32.Agent
14.29%

McAfee
Artemis!21773ACB5B0F
14.29%

Rising Antivirus
PE:Trojan.Win32.Sprejy.a!1075357081
14.29%

herdProtect (fuzzy)
a variant of 9ffd66bafe0ac545f5d46d45800551db810f2013
14.29%

The domain tools.safezone.cc has been seen to resolve to the following 4 IP addresses.

40.87.150.243
April 12, 2016

173.245.60.143
cf-173-245-60-143.cloudflare.com
December 6, 2014

173.245.61.143
cf-173-245-61-143.cloudflare.com
December 6, 2014

178.20.157.20
cf539791.freehost.com.ua
April 6, 2014

File downloads found at URLs served by tools.safezone.cc.

2 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (2ce2ca693e648cc451f979e89efe810b)

1 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (519b06a6f4cb77e8c6fc1d9d006fb1bf)

0 / 68
http://tools.safezone.cc/drongo/.../AutoLogger.zip  (7494586a869dc7b1630797646c54b7ad)

0 / 68
http://tools.safezone.cc/drongo/.../AutoLogger.zip  (55ff0d0e589e62614433abcdaca727e2)

0 / 68
http://tools.safezone.cc/drongo/.../AutoLogger.zip  (c5e831aad5271f38cf3aa02b12c48976)

2 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (afa67ca98888aac2d1b453afd5fb0347)

5 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (67e356ed298c3b22b283b6a0ca5af7cf)

4 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (21773acb5b0f5ec91434df59293b9a65)

4 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (41781ae2daef6f40bec311ef4ef5bdda)

4 / 68      (PUP)
http://tools.safezone.cc/glax24/.../SecurityCheck.exe  (4a2403bcefb0adf1c3cc1be829ba2e35)

URL:
http://tools.safezone.cc/

Web server:
nginx/1.8.1

superfilesdatay.asia

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.