home

www.safefiles.com

MP3 Rocket Inc

Domain Information

The domain www.safefiles.com registered by MP3 Rocket Inc was initially registered in June of 2004 through Network Solutions, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the iWeb Technologies Inc. network.
Registrar:
Network Solutions, LLC

Server location:
Quebec, Canada (CA)

Create date:
Wednesday, June 23, 2004

Expires date:
Wednesday, June 23, 2021

Updated date:
Wednesday, April 16, 2014

ASN:
AS32613 IWEB-AS - iWeb Technologies Inc.,CA

Root domain:
safefiles.com

Whois:
3 safefiles.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.MP3Support.K, PUP.MP3Support.L, Adware.MP3Support.N, PUP.MP3Support.Q, PUP.MP3Support.J, PUP.MP3Support.N, PUP.Installer.MP3Support.N, PUP.Optional.Installer.SCCE, PUP.MP3Support.Installer (M), PUP.installCore.MP3TechSupport.Installer (M), PUP.installCore.MP3TechS.Installer (M), PUP.OpenCandy.SCCE.Installer.Meta (M)
98.00%

ESET NOD32
Win32/OpenCandy, Win32/InstallCore.JE.gen (variant), Win32/Bundled.Toolbar.Ask (variant), Win32/OpenCandy (variant), Win32/InstallCore.PO (variant), Win32/OpenCandy.A potentially unsafe (variant)
64.00%

Trend Micro House Call
TROJ_GEN.F47V1114, TROJ_GEN.F47V0828, TROJ_GEN.F47V0123, TROJ_GEN.F47V0208, Suspicious_GEN.F47V0714, Suspicious_GEN.F47V0731
34.00%

Baidu Antivirus
Adware.Win32.OpenCandy, Adware.Win32.InstallCore
32.00%

K7 AntiVirus
Unwanted-Program
28.00%

McAfee
Artemis!3BEFAC0D397B, Artemis!E2CAC0C06901, Artemis!54AF8CE7CE54, Artemis!7189732064BB, Artemis!ACC7CAA5F5E5, Artemis!A1462ABB9F46, Artemis!B124DE6B6AD1, Artemis!E4CF69217FFB, Artemis!26F4F093AD68
26.00%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5, PE:Malware.XPACK/RDM!5.1, PE:Malware.XPACK-LNR/Heur!1.5594, PE:Malware.Gamevance!6.5B4, PE:Malware.RDM.37!5.2B[F1]
20.00%

Avira AntiVirus
Adware/InstallCore.A.433, ADWARE/InstallCore.Gen9, ADWARE/InstallCore.Gen7, PUA/OpenCandy.Gen
20.00%

Fortinet FortiGate
Riskware/OpenCandy, Riskware/InstallCore
18.00%

Qihoo 360 Security
HEUR/Malware.QVM20.Gen, Win32/Virus.Adware.f22, Win32/Trojan.8c6, Win32/Virus.Adware.94c, HEUR/QVM41.2.Malware.Gen
18.00%

Sophos
Generic PUA KD, Generic PUA HN, Generic PUA NJ, Generic PUA HF, Generic PUA LH, Generic PUA JB
18.00%

Dr.Web
Trojan.Packed.25266, Adware.OpenCandy.4, Adware.Downware.1417, Adware.OpenCandy.139, Adware.OpenCandy.154, Adware.OpenCandy.171
16.00%

Malwarebytes
PUP.Optional.Spigot.A, PUP.Optional.OpenCandy, PUP.Optional.InstallCore, PUP.Optional.Mp3Rocket
14.00%

VIPRE Antivirus
Opencandy, Trojan.Win32.Generic
14.00%

Bkav FE
W32.Clod284.Trojan, W32.HfsAdware
14.00%

The domain www.safefiles.com has been seen to resolve to the following 2 IP addresses.

174.142.161.27
November 29, 2014

96.125.183.234
February 5, 2014

File downloads found at URLs served by www.safefiles.com.

1 / 68      (Adware)
http://www.safefiles.com/.../mp3rocket.exe  (a05020291cee4ac6b866b23b27c71bea)

2 / 68      (PUP)
http://www.safefiles.com/downloads/.../mp3rocket-pro.exe  (Setup.exe)

URL:
http://www.safefiles.com/

Web server:
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4

imusicsearch.com

mp3rocket.com

mp3rocket.me

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.