home

up.br.bav.baidu.com

Beijing Baidu Netcom Science Technology Co., Ltd.

Domain Information

The domain up.br.bav.baidu.com registered by Beijing Baidu Netcom Science Technology Co., Ltd. was initially registered in October of 1999 through MARKMONITOR INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Los Angeles, California within the United States which resides on the Beyond The Network America, Inc. network.
Registrar:
MARKMONITOR INC.

Server location:
California, United States (US)

Create date:
Monday, October 11, 1999

Expires date:
Wednesday, October 11, 2017

Updated date:
Thursday, September 10, 2015

ASN:
AS3491 BTN-ASN - Beyond The Network America, Inc.,US

Root domain:
baidu.com

Whois:
2 baidu.com records

Scanner detections:
Detections  (54% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Ammyy.F, PUP.Installer.BonjoySoftware.O, PUP.OpenCandy.Installer (L), PUP.Atube.Optional.Installer.Meta (M), PUP.Solimba.DelimaxC (M), PUP.Sien.SIENSA.Installer (M), PUP.Freemake.Bundle.Installer.Meta (L), PUP.Bandoo.BandooMe.Installer (M), Adware.Bundler.YeYizhou.Installer.Meta (M), PUP.Solimba.Vetaform (M), PUP.Outbrowse.runappsf.Bundler (M), PUP.Sien.SIENSA.Bundler (M), PUP.Midia Technologies.MIDIATEC.Bundler (M), PUP.BR Software.GENCOLAB.Installer (M), PUP.Sien (M)
80.00%

Dr.Web
Trojan.OutBrowse.92, Adware.OpenCandy.137, Adware.Toolbar.665, Adware.Toolbar.276, c:\users\test\appdata\local\temp\3015a6656393586e011358262f78dcb13d97349c c:\users\test\appdata\loca
23.33%

ESET NOD32
Win32/RemoteAdmin.Ammyy (variant), Win32/OpenCandy (variant), Win32/OutBrowse.BT potentially unwanted, Win32/OpenCandy.C potentially unsafe (variant)
20.00%

Baidu Antivirus
Hacktool.Win32.Ammyy, Adware.Win32.OpenCandy, PUA.Win32.OutBrowse
16.67%

McAfee
Artemis!2CBF5657FFD8, Artemis!FD2F7DD0058B, Artemis!B3CA238F0A6E, Artemis!857FB8F2E2E5
13.33%

VIPRE Antivirus
Opencandy, Trojan.Win32.Generic
13.33%

G Data
Win32.Application.OpenCandy, Win64.Application.Agent.QX43TM
13.33%

Trend Micro House Call
Suspicious_GEN.F47V0104, Suspici.5DB26E85, Suspicious_GEN.F47V0610
10.00%

ESET NOD32
Detection.Undefined, Win32/OpenCandy.C potentially unsafe application, Win32/OpenCandy.A potentially unsafe application
10.00%

Agnitum Outpost
PUA.OutBrowse, Riskware.Agent
10.00%

Kaspersky
not-a-virus:RemoteAdmin.Win32.Ammyy, not-a-virus:NetTool.Win64.NetFilter
6.67%

NANO AntiVirus
Trojan.Nsis.OutBrowse.dnosmc, Riskware.Win32.OpenCandy.dzfvgw
6.67%

Avira AntiVirus
APPL/Outbrowse.Gen, PUA/OpenCandy.Gen
6.67%

Fortinet FortiGate
Riskware/OutBrowse, Riskware/OpenCandy
6.67%

AhnLab V3 Security
Unwanted/Win32.RemoteAdmin
3.33%

The domain up.br.bav.baidu.com has been seen to resolve to the following 3 IP addresses.

200.229.203.81
July 2, 2016

103.235.46.12
October 13, 2015

63.217.158.78
63-217-158-78.static.pccwglobal.net
May 3, 2015

File downloads found at URLs served by up.br.bav.baidu.com.

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=634CB33A2E73011FA2E853C0C51E0716&baidusign=26170333&baidurand=14208  (1stbrowser.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=CD4B35D29B7DC38360AE554808202F57&baidusign=23854654&baidurand=11513  (realtek 64bit_win7_win8_win81_win10_r279.exe)

10 / 68    (false positives)
http://up.br.bav.baidu.com/?rh=3D3DFC9173AEF128A78A037C8268A087&baidusign=21849323&baidurand=20342  (freemakeaudioconvertersetup.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=C4DE09E99656C0F59F61F28308BCDD9A&baidusign=22116337&baidurand=21609  (freemakevideoconvertersetup.exe)

1 / 68      (inconclusive)
http://up.br.bav.baidu.com/?rh=4F3FD157E9939D5188E0C879AEB47CDF&baidusign=22751517&baidurand=11175  (showmypc3161.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=2D5A3172646E4B479805F1AAFCB112BE&baidusign=26170333&baidurand=15901  (1stbrowser.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=0EB31F8667DEE15505A131A0A565C022&baidusign=26170333&baidurand=4952  (1stbrowser.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=AFDE8B1B1FBC9B830A443A1923182524&baidusign=26170333&baidurand=20051  (1stbrowser.exe)

1 / 68      (Adware)
http://up.br.bav.baidu.com/?rh=90CB7EF9C8D493AA41291429113729F6&baidusign=12826027&baidurand=13360  (filme.exebaidusign=12826027baidurand=13360)

1 / 68      (Adware)
http://up.br.bav.baidu.com/?rh=759C2F19009DAB6EFD3F3718D0C21536&baidusign=12233657&baidurand=29249  (iniciar-filme.exebaidusign=12233657baidurand=29249)

1 / 68      (Adware)
http://up.br.bav.baidu.com/?rh=759C2F19009DAB6EFD3F3718D0C21536&baidusign=12233657&baidurand=2513  (iniciar-filme.exebaidusign=12233657baidurand=2513)

1 / 68      (inconclusive)
http://up.br.bav.baidu.com/?rh=C4DE09E99656C0F59F61F28308BCDD9A&baidusign=22116337&baidurand=2551  (freemakevideoconvertersetup.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=C63D4C4B7CA896365F63D1C0FC317EB1&baidusign=26015814&baidurand=10686  (videoconverter_setup.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=AFC2E311CB39C9B50D8547267EF92E0D&baidusign=28541096&baidurand=31751  (fast-video-converter-3.8.0.4.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=C4DE09E99656C0F59F61F28308BCDD9A&baidusign=22116337&baidurand=2631  (videoconverter.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=E9C1A740F40643F50D06FDC4AB94F4B2&baidusign=21835833&baidurand=5447  (freemakevideodownloadersetup.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=C18AF31F31AC1E5CD2E233FF0C213CF3&baidusign=23348197&baidurand=7141  (produkey_setup.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=C4DE09E99656C0F59F61F28308BCDD9A&baidusign=22116337&baidurand=17533  (freemakevideoconvertersetup.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=052308E65703D7F6420EE29A559FACD4&baidusign=21274456&baidurand=6843  (adwcleaner_5.110.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=42ACCFA8FC6AE56EF7177A4696DD10D8&baidusign=26170333&baidurand=27843  (1stbrowser.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=E9C1A740F40643F50D06FDC4AB94F4B2&baidusign=21835833&baidurand=5236  (freemakevideodownloadersetup.exe)

6 / 68      (Adware)
http://up.br.bav.baidu.com/?rh=5C2C6A3EB78470010B5C276C69187DFD&baidusign=15385872&baidurand=30998  (aa_v3.exe)

1 / 68      (Adware)
http://up.br.bav.baidu.com/?rh=82ACA928BD12C1829275350EA3C170CE&baidusign=19870722&baidurand=10684  (setup.exe)

1 / 68      (Adware)
http://up.br.bav.baidu.com/?rh=0DFC9677D9CB5CEA71137A4396A6F252&baidusign=19864136&baidurand=3580  (ares galaxy.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=2266224F87126D8B836ADBD940DED5EA&baidusign=16210575&baidurand=23010  (cool-android-sms-contacts-recovery.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=304AA038FD5B4CED7B969132D29C021C&baidusign=23294803&baidurand=6015  (vlc-2.2.1-win32.exe)

1 / 68      (PUP)
http://up.br.bav.baidu.com/?rh=E9C1A740F40643F50D06FDC4AB94F4B2&baidusign=21835833&baidurand=30031  (freemakevideodownloadersetup.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=CD4B35D29B7DC38360AE554808202F57&baidusign=23854654&baidurand=30036  (realtek 64bit_win7_win8_win81_win10_r279.exe)

0 / 68
http://up.br.bav.baidu.com/?rh=C4DE09E99656C0F59F61F28308BCDD9A&baidusign=22116337&baidurand=627  (freemakevideoconvertersetup.exe)

1 / 68      (inconclusive)
http://up.br.bav.baidu.com/?rh=E440BD43B83760182DC10908B5864834&baidusign=22145100&baidurand=10922  (local1file.exe)

 
Latest 30 of 113 download URLs

URL:
http://up.br.bav.baidu.com/

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.