www.bit89.com

Moniker Privacy Services BIT89.COM@monikerprivacy.net  (Proxy Registrant)

Domain Information

The domain www.bit89.com is registered by proxy through Moniker Online Services and was originally registered in May 2010. It has been known to host and distribute adware and other potentially unwanted software. The hosting servers are located in Reston, Virginia, United States, on the Tiggee LLC network. The domain is part of a DNS service that uses a number of reverse proxy IP addresses (see below).
Registrar:
Moniker Online Services

Server location:
Virginia, United States (US)

Create date:
Sunday, May 30, 2010

Expires date:
Friday, May 30, 2014

Updated date:
Wednesday, September 11, 2013

ASN:
AS16552 TIGGEE - Tiggee LLC

Root domain:

Scanner detections:
Detections  (80% detected)

| Scan engine | Details | Detections |
|---|---|---|
| ESET NOD32 | Win32/InstallBrain (variant), Win32/Toolbar.Zugo, Win32/bProtector (variant) | 80.00% |
| Reason Heuristics | PUP.Installer.Performersoft.R, PUP.Zugo.E, PUP.Installer.Performersoft.L, PUP.Bit89.L | 80.00% |
| Fortinet FortiGate | Adware/InstallBrain, Riskware/Zugo, W32/BProtector.A, Adware/Bprotect | 80.00% |
| Malwarebytes | Adware.InstallBrain, PUP.Zugo, PUP.Optional.PerformerSoft.A | 60.00% |
| K7 AntiVirus | Unwanted-Program, Trojan | 60.00% |
| Trend Micro House Call | TROJ_SPNR.14FD13, TROJ_GEN.RCBH2B7, TROJ_SPNV.03A114 | 60.00% |
| Sophos | InstallBrain, Mal/Generic-S, BProtector | 60.00% |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.B, UnclassifiedMalware | 60.00% |
| VIPRE Antivirus | InstallBrain, Bprotector | 60.00% |
| Avira AntiVirus | APPL/InstallBrain.Gen5, APPL/InstallBrain.JU, TR/BProtector.Gen | 60.00% |
| Kingsoft AntiVirus | Win32.HeurC.KVM019.a.(kcloud), VIRUS_UNKNOWN, Win32.Troj.Undef.(kcloud) | 60.00% |
| Boost by Reason | Adware.Bundler.InstallBrain.iBario, Trojan.Adw.Zugo.E, Adware.Installer.Performersoft.L | 60.00% |
| Microsoft Security Essentials | TrojanDownloader:Win32/Brantall.E, TrojanDropper:Win32/Rotbrow.B, TrojanDropper:Win32/Rotbrow.A | 60.00% |
| K7 Gateway Antivirus | Unwanted-Program, Trojan | 60.00% |
| Bkav FE | W32.Clod86c.Trojan, W32.Clod053.Trojan, W32.Clod04d.Trojan | 60.00% |

The domain www.bit89.com has been seen to resolve to the following 6 IP addresses.

http-redirection-c1.dnsmadeeasy.com
April 11, 2014

http-redirection-b1.dnsmadeeasy.com
April 11, 2014

http-redirection-a1.dnsmadeeasy.com
April 11, 2014

http-redirection-d1.dnsmadeeasy.com
April 11, 2014

July 25, 2013

July 22, 2013

File downloads found at URLs served by www.bit89.com.

25 / 68    (Adware)
http://www.bit89.com/uninstaller.exe  (9a04fa3a72706559493a61a804806801)

9 / 68      (Adware)
http://www.bit89.com/download/.../ibdp.exe  (fa5a9e9af5f677b0fd675442439fa1e4)

32 / 68    (PUP)
http://www.bit89.com/download/.../PCperformer_Setup.exe  (c73979282f0b3e3b07475771e12f4ce6)

The following 2 files have been seen to communicate with www.bit89.com in live environments.

URL:
http://www.bit89.com/

Title:
“MediaTechSoft - Home”

Web server:
AmazonS3
