www.baixarmidia.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.baixarmidia.com is registered by proxy through GODADDY.COM, LLC and was originally registered in January 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Montreal, Quebec, Canada, on the OVH Hosting, Inc. network.
Remove Malware from www.baixarmidia.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Quebec, Canada (CA)

Create date:
Monday, January 04, 2016

Expires date:
Wednesday, January 04, 2017

Updated date:
Thursday, January 14, 2016

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.BRSOFTWARE.I, PUP.MidiaTechnologies.I, PUP.MidiaTechnologies.S, PUP.MidiaTechnologies.E, PUP.BRSOFTWARE.H, Threat.Win.Reputation.IMP, PUP.MidiaTechnologies.L, PUP.MidiaTechnologies.F, PUP.Midia Technologies.MidiaTechnologies.Bundler (M), PUP.BR Software.BRSOFTWARE (M)
85.71%

avast!
Win32:Downloader-RHC [Adw], Win32:Downloader-UHJ [PUP], Win32:Downloader-SCT [Adw], Win32:Adware-AON [PUP], Win32:Downloader-UDY [PUP]
57.14%

McAfee Web Gateway
Artemis!E20B24EC26D3, Artemis!CFAE1836C20E, Trojan-FASA!F2F1F210A23B, Artemis!AFC1E581A1EC, Artemis!5A007864B1EC, BehavesLike.Win32.Downloader.fc
57.14%

Fortinet FortiGate
Adware/PCMega.J, Adware/Fam.NB, Adware/DownloadWare
57.14%

Dr.Web
Adware.Downware.376, Trojan.DownLoader7.51517, Trojan.DownLoader7.49131, Trojan.WebPick.6306
57.14%

NANO AntiVirus
Riskware.Win32.Downware.vqyze, Riskware.Win32.Agent.cinaww, Trojan.Win32..bejuqj, Trojan.Win32.Agent.beoqkb, Riskware.Win32.Agent.czmlms
52.38%

Panda Antivirus
Trj/Ransom.AB, Trj/Downloader.VPT, Trj/Dtcontx.C, Trj/Agent.MIZ, Adware/Downloader, Generic Suspicious, Trj/Dtcontx.D
52.38%

Comodo Security
Application.Win32.PCMega.L, UnclassifiedMalware
52.38%

VIPRE Antivirus
Trojan.Win32.Generic, MSIL.Adware.PCMega, Threat.4150696
52.38%

McAfee
Artemis!E20B24EC26D3, Artemis!CFAE1836C20E, Trojan-FASA!F2F1F210A23B, Downloader-FMJ, Artemis!5A007864B1EC, Program.MultiPlug-FWZ
47.62%

Bitdefender
Trojan.Generic.8514411, Gen:Variant.Adware.PCMega.4, Trojan.Generic.8572200, Trojan.Generic.KDV.907577, Trojan.Generic.8543522
47.62%

ViRobot
Backdoor.Win32.A.ZAccess.394869[UPX]
47.62%

Sophos
Generic PUA NE, Generic PUA JF, Generic PUA OJ, PCMega, PUA 'MultiPlug' (of type Adware)
47.62%

Trend Micro House Call
TROJ_GEN.FCBCBK9, TROJ_GEN.F47V1127, TROJ_GEN.R0CBH01FG13, TROJ_SPNR.08CM13, ADW_PCMEGA
42.86%

G Data
Trojan.Generic.8514411, Gen:Variant.Adware.PCMega, Trojan.Generic.8572200, Trojan.Generic.KDV.907577, Trojan.Generic.8543522
42.86%

The domain www.baixarmidia.com has been seen to resolve to the following 6 IP addresses.

February 14, 2016

January 31, 2016

May 4, 2015

onlinemidia.com
August 10, 2014

June 20, 2014

web01.onlinemidia.com
December 23, 2013

File downloads found at URLs served by www.baixarmidia.com.

The following files have been seen to communicate with www.baixarmidia.com in live environments.

URL:
http://www.baixarmidia.com/

Title:
“Loading”

Web server:
nginx/1.8.0
