www.anyprotect.com

AnyProtect

Domain Information

The domain www.anyprotect.com registered by ClickMeIn Limited was initially registered in September of 2012 through DOMAIN.COM, LLC. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Providence, Utah within the United States which resides on the Hosting Services, Inc. network. The domain is associated with the publisher AnyProtect who is located in Tel-Aviv, Israel.
Remove Malware from www.anyprotect.com - Powered by Reason Core Security
Registrar:
DOMAIN.COM, LLC

Server location:
Utah, United States (US)

Create date:
Monday, September 17, 2012

Expires date:
Saturday, September 17, 2016

Updated date:
Saturday, September 05, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Root domain:

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Task.K, PUP.Optional.AnyProtectbyCMI.K, Threat.Win.Reputation.IMP, PUP.Optional.AnyProtect.K, PUP.Installer.TrafficSpace, PUP.Installer.Bundler.Installer.Meta (M), PUP.installCore.ClickMeIn.Installer (M), Win32.Generic, PUP.Softpulse.DigitalPlugin.Bundler (M), PUP.Softpulse.DigitalPluginSl.Bundler (M), PUP.Softpulse.SmartSecuresoftware.Bundler (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.Bundlore.Wishapp.Bundler (M)
93.88%

Sophos
AnyProtect, PUA 'AnyProtect', AirInstaller
30.61%

Baidu Antivirus
Adware.Win32.AnyProtect, Trojan.Win32.AnyProtect
10.20%

ESET NOD32
Win32/AnyProtect.H potentially unwanted application, Detection.Undefined, Win32/AirAdInstaller.A potentially unwanted application
8.16%

AVG
Generic_s, Generic_r, InstallCore
6.12%

avast!
Win32:Dropper-gen [Drp], Win32:Malware-gen, Win32:Adware-gen [Adw]
6.12%

F-Secure
Riskware.Gen:Variant.Application.Strictor, Win32.Ramnit.N
6.12%

Dr.Web
Adware.Downware.12031, Adware.Downware.11292, Trojan.SMSSend.4953
6.12%

Malwarebytes
PUP.Optional.AnyProtect.A, PUP.Optional.AirAdInstaller
6.12%

G Data
Gen:Variant.Application.Strictor.89411, Win32.Adware.Airadinstaller
6.12%

Trend Micro House Call
TROJ_GEN.F47V0319, Suspicious_GEN.F47V1028
4.08%

K7 Gateway Antivirus
Unwanted-File , Unwanted-Program
4.08%

Emsisoft Anti-Malware
Gen:Variant.Application.Strictor.89411
4.08%

Lavasoft Ad-Aware
Gen:Variant.Application.Strictor.89411
4.08%

Norman
Gen:Variant.Application.Strictor.89411
4.08%

The domain www.anyprotect.com has been seen to resolve to the following 11 IP addresses.

dl2.clickmein.com
April 15, 2015

dl5.clickmein.com
April 15, 2015

dl4.clickmein.com
April 15, 2015

May 13, 2014

May 13, 2014

199.189.107.165.static.midphase.com
January 17, 2014

198.105.215.132.static.midphase.com
January 17, 2014

174.127.80.220.static.midphase.com
January 17, 2014

69-4-239-168.upx.net.br
January 17, 2014

tile1.ticedorans.com
January 17, 2014

anyprotect.com
January 17, 2014

File downloads found at URLs served by www.anyprotect.com.

2 / 68      (PUP)
http://www.anyprotect.com/ui/.../AnyProtect.exe  (efe3316382fd53ec6d9ea9466ecf5deb)

 
Latest 30 of 516 download URLs

The following 13 files have been seen to comunicate with www.anyprotect.com in live environments.

URL:
http://www.anyprotect.com/

Google Analytics:
UA-35255210

Title:
“Online Backup, Secure & Unlimited for Home Business | AnyProtect”

SSL certificate subject:
CN=*.anyprotect.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
nginx

Facebook:
Likes:  127
Shares:  28
Comments:  89

Statistics are for the previous month.

Remove Malware from www.anyprotect.com - Powered by Reason Core Security