www.safecanadapro.info

North East Technology

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The servers hosting it are located in San Francisco, California, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service that uses a number of reverse proxy IP addresses (see below).
Registrar:
Dynadot, LLC (R259-LRMS)

Server location:
California, United States (US)

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.

Root domain:

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | Adware.WebPick.Installer.U, PUP.Optional.Installer.T, PUP.Optional.Installer.U, Adware.WebPick.Installer.c, Adware.WebPick.Installer.d, Adware.WebPick.Installer.BB, Adware.WebPick.Installer (M), Adware (M) | 100.00% |
| McAfee | PUP-FHQ!D6AAD1C6E22F | 28.57% |
| Malwarebytes | PUP.Optional.InstalleRex, PUP.Optional.Installex, PUP.Optional.Installrex | 28.57% |
| K7 Gateway Antivirus | Unwanted-File, Unwanted-Program | 28.57% |
| Kaspersky | Trojan.Win32.AntiFW | 28.57% |
| Comodo Security | Application.Win32.InstalleRex.KG | 28.57% |
| McAfee Web Gateway | Heuristic.LooksLike.Win32.Suspicious.B, PUP-FHQ, BehavesLike.Win32.Downloader.fc | 28.57% |
| Sophos | InstallRex | 28.57% |
| Kingsoft AntiVirus | Win32.Troj.AntiFW.b.(kcloud), Win32.Troj.DownAdLoad.g.(kcloud), Win32.Troj.Undef.(kcloud) | 28.57% |
| G Data | Gen:Variant.Kazy.348128, Trojan.Generic.11210459, Win32.Application.InstalleRex, Gen:Variant.Application.Strictor.55164 | 28.57% |
| AhnLab V3 Security | PUP/Win32.TSULoader | 28.57% |
| Vba32 AntiVirus | Downloader.AdLoad, Downware.TSU | 28.57% |
| MicroWorld eScan | Gen:Variant.Kazy.348128, Trojan.Generic.11210459, Gen:Variant.Application.Strictor.55164 | 21.43% |
| Bitdefender | Gen:Variant.Kazy.348128, Trojan.Generic.11210459, Gen:Variant.Application.Strictor.55164 | 21.43% |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.348128, Trojan.Generic.11210459, Gen:Variant.Application.Strictor.55164 | 21.43% |

The domain www.safecanadapro.info has been seen to resolve to the following 3 IP addresses.

September 5, 2014

(CloudFlare)
February 27, 2014

(CloudFlare)
February 27, 2014

File downloads found at URLs served by www.safecanadapro.info.

The following 2 files have been seen to communicate with www.safecanadapro.info in live environments.

URL:
http://www.safecanadapro.info/

Web server:
nginx/1.7.5