home

www.ftparaby.com

Miro Shona

Domain Information

The domain www.ftparaby.com registered by Miro Shona was initially registered in June of 2008 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Bayern, Germany (DE)

Create date:
Wednesday, June 25, 2008

Expires date:
Saturday, June 25, 2016

Updated date:
Tuesday, May 5, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH, DE

Root domain:
ftparaby.com

Whois:
2 ftparaby.com records

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.VOLARO.Installer (M)
75.00%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
25.00%

F-Secure
Application:W32/Generic.70053c248f!Online
25.00%

The domain www.ftparaby.com has been seen to resolve to the following 2 IP addresses.

213.239.220.70
static.213-239-220-70.clients.your-server.de
April 10, 2016

77.77.150.92
reverse-77-77-150-92.icnhost.net
April 11, 2014

File downloads found at URLs served by www.ftparaby.com.

1 / 68      (Adware)
http://www.ftparaby.com/.../download.php?wti=106&src=106&sta=000117ae04a74747d4175add2ae2c4caabbf1  (setup.exe)

1 / 68      (Adware)
http://www.ftparaby.com/.../download.php?wti=101&src=101&sta=00011111aff29214d4e18b2800c87071c5314  (setup.exe)

1 / 68      (Adware)
http://www.ftparaby.com/.../download.php?wti=101&src=101&sta=00009c1051c1ea6bc4105a638b938eed1d479  (setup.exe)

2 / 68      (false positives)
http://www.ftparaby.com/.../download.php?wti=101&src=101&sta=00011f58c66f71f7d4750b375a29086354523  (wrar420.exe)

2 / 68      (false positives)
http://www.ftparaby.com/.../download.php?wti=101&src=101&sta=00011926d99032685462e9e8b4e4b5b7245cb  (wrar420.exe)

2 / 68      (false positives)
http://www.ftparaby.com/.../download.php?wti=101&src=101&sta=000117948ba453ddd49b6ba3459f8f66c6af7  (wrar420.exe)

2 / 68      (false positives)
http://www.ftparaby.com/.../download.php?wti=101&src=101&sta=00009310676b617574dbdbf151cb64683d1bf  (wrar420.exe)

The following 12 files have been seen to comunicate with www.ftparaby.com in live environments.

TCP » 213.239.220.70:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 213.239.220.70:80
autochr.exe

TCP » 213.239.220.70:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 213.239.220.70:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 213.239.220.70:80
Updater.exe (Volaro Updater by Volaro)

TCP » 213.239.220.70:80
browserair.exe (BrowserAir by Goobzo)

TCP » 213.239.220.70:80
bigapp.exe (7-Zip by Igor Pavlov)

TCP » 213.239.220.70:80
Updater.exe (Volaro Updater by Volaro)

TCP » 213.239.220.70:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 213.239.220.70:80
Updater.exe (NoVooIT Updater by NoVooIT)

TCP » 213.239.220.70:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 213.239.220.70:80
gup.exe (Updater by DreamLair)

URL:
http://www.ftparaby.com/

Web server:
nginx/1.1.19 (PHP/5.3.10-1ubuntu3.14)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.