» www.default-page.com
Overview
Analysis
IPs Addresses (2)
Downloads (464)
Network (15)
Website Detail
Related Domains (37)

www.default-page.com

wenjie chen

Domain Information

The domain www.default-page.com registered by wenjie chen was initially registered in May of 2016 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.

Registrant:

wenjie chen

Registrar:

STRAIGHT 8 DOMAINS, LLC

Server location:

Victoria, Australia (AU)

Create date:

Saturday, May 7, 2016

Expires date:

Sunday, May 7, 2017

Updated date:

Sunday, May 8, 2016

ASN:

AS133618 TRELLIAN-AS-AP Trellian Pty. Limited, AU

Root domain:

default-page.com

Whois:

4 default-page.com records

Scanner detections:

Detections (75% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Task.Mindadmedia.E, PUP.Installer.OutBrowse.F, PUP.Installer.Mindadmedia.F, PUP.Optional.Installer.F, PUP.Injekt.Installer, PUP.Solimba.Bechiro.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Adknowledge.BuildInp.Bundler (M), Win32.Generic, PUP.Adknowledge.FusionIn.Bundler (M), PUP.InstallCore.AC.Installer (M), PUP.Softpulse.DigitalP.Bundler (M)

93.33%

Dr.Web

Adware.Downware.1676, Adware.Downware.1336, Program.Unwanted.79, Adware.Downware.1514

33.33%

ESET NOD32

Win32/OutBrowse (variant), Win32/ExFriendAlert (variant)

33.33%

McAfee

Artemis!AB02A4C594A4, Artemis!5BB01D73A88C, Artemis!FA9EB15DF83F, Artemis!99FB9BE8A5DA

26.67%

Malwarebytes

PUP.Optional.Smart, PUP.Optional.OutBrowse

26.67%

Trend Micro House Call

TROJ_GEN.F47V1211, TROJ_GEN.F47V1007, TROJ_GEN.F47V1013, TROJ_GEN.F47V1009

26.67%

VIPRE Antivirus

OutBrowse, SearchDonkey

26.67%

AVG

MalSign.Generic, Skodna.Downloader, LionSea Software co.

26.67%

K7 AntiVirus

Unwanted-Program

20.00%

Sophos

DomainIQ pay-per install, OutBrowse Revenyou

20.00%

Bkav FE

W32.Clod4f4.Trojan, W32.Clod8ba.Trojan, W32.Clod038.Trojan

20.00%

Vba32 AntiVirus

Downloader.OutBrowse, suspected of Trojan.Downloader.gen.h

13.33%

Agnitum Outpost

PUA.OutBrowse

13.33%

Fortinet FortiGate

Riskware/MultiPlug, Riskware/OutBrowse

13.33%

IKARUS anti.virus

not-a-virus:Downloader.NSIS

6.67%

The domain www.default-page.com has been seen to resolve to the following 2 IP addresses.

103.224.182.207

lb-182-207.above.com

May 15, 2016

50.19.236.133

ec2-50-19-236-133.compute-1.amazonaws.com

January 4, 2014

File downloads found at URLs served by www.default-page.com.

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=292--339--1381090192.2686 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=709--464--1383415336.2629--31c7d04606 (setup.exe)

1 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=224--486--1384816082.1316 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=184--428--1380729630.1643 (setup.exe)

1 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--412--1382648775.6821--4558e78e1a (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--391--1381240004.0386 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--391--1381105419.8869 (setup.exe)

8 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=184--391--1381278324.4296 (setup.exe)

1 / 68 (PUP)

http://www.default-page.com/musicremote?d1=1&clickid=184--459--1383219377.543--f738de4d7c (setup.exe)

1 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--553--1381449489.5385 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--377--1386554794.564--723faa7591 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--943--1384984470.8852--22bde29fbc (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--428--1382923972.5906--bcbd603c66 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--1118--1385390476.2751--2d17b64489 (setup.exe)

1 / 68 (PUP)

http://www.default-page.com/musicremote?d1=1&clickid=218--412--1382371323.3195--e2ebebc24e (setup.exe)

1 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--383--1380760243.5328 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=292--458--1381053540.3806 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--391--1380646575.8627 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--1118--1385099176.434--405a53fada (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=184--436--1380340192.7847 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=224--391--1384836391.3063 (setup.exe)

0 / 68

http://www.default-page.com/musicremote?d1=1&clickid=218--412--1382974299.9916--6fd3155b89 (setup.exe)

1 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=218--412--1383267813.0025--c10cffbe42 (setup.exe)

0 / 68

http://www.default-page.com/musicremote?d1=1&clickid=218--937--1382905893.4888--bb4af29124 (setup.exe)

0 / 68

http://www.default-page.com/musicremote?d1=1&clickid=232--412--1382311275.7195--c97b33a6e0 (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=184--341--1382574480.9176--4ebff4471f (setup.exe)

3 / 68 (PUP)

http://www.default-page.com/musicremote?d1=1&clickid=232--412--1382416369.3976--758f53b22f (setup.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--1014--1384988096.5429--0790f82333 (setup.exe)

14 / 68 (Adware)

http://www.default-page.com/majava?clickid=1497--1225--1390965533.5656--8caa4266a4&distid=3517 (java.exe)

12 / 68 (Adware)

http://www.default-page.com/musicremote?d1=1&clickid=232--1139--1385836131.9136--a0a93aa00c (setup.exe)

Latest 30 of 464 download URLs

The following 15 files have been seen to comunicate with www.default-page.com in live environments.

TCP » 103.224.182.207:80

googleupd.exe (Google Update by Google)

TCP » 103.224.182.207:80

pooface.exe (Ja)

TCP » 103.224.182.207:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.207:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.207:80

fuzezipsetup.exe (Fuze Zip by Koyote Soft)

TCP » 103.224.182.207:80

CureTraffic.exe (CureTraffic by Vitbian telecom S.L)

TCP » 103.224.182.207:80

emuletorrent.exe

TCP » 103.224.182.207:80

googleupd.exe (Google Update by Google)

TCP » 103.224.182.207:443

winsec.exe (winsec.exe by Security Verifier)

TCP » 103.224.182.207:80

BruteforceSaveData.exe (Bruteforce Save Data by 2014 by Aldo Vargas - http://www.aldostools.org)

TCP » 103.224.182.207:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 103.224.182.207:80

online-guardian.exe

TCP » 103.224.182.207:80

winsec.exe (winsec.exe by Security Verifier)

TCP » 103.224.182.207:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 103.224.182.207:80

googleupd.exe (Google Update by Google)

TCP » 103.224.182.207:80

cshpfaba.exe

URL:

http://www.default-page.com/

Title:

“default-page.com”

Web server:

Apache (PHP/5.4.45-0+deb7u2)

Related Domains

freedownloadshare.com

styleapplicationzillion.com

toolboox.com

ultimate-torrents.com

downloaddesktop3.info

file14desktop.com

file15desktop.com

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.