home

ttb.grabsofts.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
grabsofts.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.VolvanPremiumSL.L, PUP.SmartSecureSoftwareSl.G, PUP.SmartSecureSoftwareSl.M, PUP.Softpulse, PUP.Softpulse.VolvanPr.Bundler (M), PUP.Softpulse.SmartSec.Bundler (M)
100.00%

Dr.Web
Adware.SoftPules.3, Trojan.Domaiq.33, Trojan.DownLoader11.60009, Trojan.Domaiq.115
66.67%

Lavasoft Ad-Aware
Application.Bundler.SoftPulse.L, Gen:Variant.Symmi.49537, Application.Bundler.DomaIQ.V, Gen:Variant.Adware.Mikey.2334
66.67%

ESET NOD32
Win32/SoftPulse.S potentially unwanted application, Win32/SoftPulse.W potentially unwanted application
66.67%

Emsisoft Anti-Malware
Application.Bundler.SoftPulse.L, Gen:Variant.Symmi.49537, Application.Bundler.DomaIQ.V, Gen:Variant.Adware.Mikey.2334
66.67%

F-Secure
Riskware.Application.Bundler.SoftPulse, Gen:Variant.Symmi.49537, Riskware.Application.Bundler.DomaIQ, Gen:Variant.Adware.Mikey.2334
66.67%

VIPRE Antivirus
Threat.5064683, Threat.4783235, Trojan.Win32.Generic, Threat.4150696
66.67%

McAfee
Program.SoftPulse
66.67%

MicroWorld eScan
Application.Bundler.SoftPulse.L, Gen:Variant.Symmi.49537, Application.Bundler.DomaIQ.V, Gen:Variant.Adware.Mikey.2334
66.67%

Malwarebytes
PUP.Optional.DomaIQ, PUP.Optional.SoftPulse
66.67%

Bitdefender
Application.Bundler.SoftPulse.L, Gen:Variant.Symmi.49537, Application.Bundler.DomaIQ.V, Gen:Variant.Adware.Mikey.2334
66.67%

Agnitum Outpost
PUA.Downloader, Packed/PECompact, Trojan.Agent
66.67%

Comodo Security
Application.Win32.SoftPulse.D
66.67%

Avira AntiVirus
APPL/Softpulse.oang, APPL/Softpulse.oanf, APPL/Softpulse.rtfa
66.67%

G Data
Application.Bundler.SoftPulse, Gen:Variant.Symmi.49537, Application.Bundler.DomaIQ, Gen:Variant.Adware.Mikey.2334
66.67%

The domain ttb.grabsofts.com has been seen to resolve to the following 4 IP addresses.

54.149.159.30
ec2-54-149-159-30.us-west-2.compute.amazonaws.com
May 21, 2016

52.10.156.255
ec2-52-10-156-255.us-west-2.compute.amazonaws.com
May 21, 2016

50.112.177.75
ec2-50-112-177-75.us-west-2.compute.amazonaws.com
January 12, 2015

54.201.201.245
ec2-54-201-201-245.us-west-2.compute.amazonaws.com
January 12, 2015

File downloads found at URLs served by ttb.grabsofts.com.

1 / 68      (Adware)
http://ttb.grabsofts.com/download/request/google-chrome/MO9DGQbU?__tc=1419594978.011&keyword=Google-Chrome_google.com/.../&fileName=google-chrome  (google chrome.exe)

1 / 68      (Adware)
http://ttb.grabsofts.com/download/request/.../MO9DGQbU?__tc=1418477549.495&keyword=FR_openoffice_openoffice&fileName=openoffice  (openoffice.exe)

26 / 68    (Adware)
http://ttb.grabsofts.com/download/request/google-chrome/.../chrome&fileName=google-chrome  (google chrome.exe)

26 / 68    (Adware)
http://ttb.grabsofts.com/download/request/.../MO9DGQbU?__tc=1420052166.739&keyword=MalwareBytes_malwarebytes&fileName=malwarebytes  (malwarebytes.exe)

22 / 68    (Adware)
http://ttb.grabsofts.com/download/request/.../MO9DGQbU?__tc=1419393962.479&keyword=UK_WinZip_winzip&fileName=winzip  (winzip.exe)

28 / 68    (Adware)
http://ttb.grabsofts.com/download/request/.../MO9DGQbU?__tc=1418378465.619&keyword=UK_TomTom-Home_tomtom&fileName=tomtom-home  (tomtom home.exe)

The following 2 files have been seen to comunicate with ttb.grabsofts.com in live environments.

TCP » 54.149.159.30:80
HostSecure.exe (ExtFirefox by Microsoft)

TCP » 52.10.156.255:80
HostSecure.exe (ExtFirefox by Microsoft)

TCP » 54.149.159.30:80
browser.exe (speed browser by Smart Applications)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.