www.upstaradown.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.upstaradown.com is registered by proxy through ENOM, INC. and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Miami Beach, Florida, United States, on the Krypt Technologies network.

Registrar:
ENOM, INC.

Server location:
Florida, United States (US)

Create date:
Tuesday, May 06, 2014

Expires date:
Wednesday, May 06, 2015

Updated date:
Tuesday, May 06, 2014

ASN:
AS35908 VPLSNET - Krypt Technologies,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ClovermediaSL.E, PUP.PaymentsInteractiveSL.E, PUP.Tuguu.Clovermedia.Bundler (M), PUP.Tuguu.Payments.Bundler (M), PUP.Tuguu.Cloverme.Bundler (M), PUP.Tuguu.Bundler, PUP.Tuguu (M)
100.00%

MicroWorld eScan
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler.DomaIQ.8, Gen:Variant.Application.Bundler.DomaIQ.7
23.08%

McAfee
PUP-FJS!D8F20B08BE1A, PUP-FJV!1292BD0B45DB, PUP-FJV!30536FBB2EDB, PUP-FJV!410EDFC077AE, PUP-FJV!856CD5EB1CF7, PUP-FJV!B7C73AFE167C
23.08%

Malwarebytes
PUP.Optional.DomaIQ, PUP.Optional.BundleInstaller.A, PUP.Optional.Domalq
23.08%

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ, not-a-virus:AdWare.Win32.Lollipop
23.08%

Bitdefender
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler.DomaIQ.8, Gen:Variant.Application.Bundler.DomaIQ.7
23.08%

Agnitum Outpost
PUA.Lollipop, PUA.DomaIQ
23.08%

F-Secure
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler
23.08%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, DomaIQ
23.08%

Avira AntiVirus
APPL/DomaIQ.Gen, Adware/Strictor.55983
23.08%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious.H, PUP-FJV!410EDFC077AE, PUP-FJV!856CD5EB1CF7, PUP-FJV!B7C73AFE167C, CryptDomaIQ
23.08%

Sophos
DomainIQ pay-per install, Generic PUA KD, Generic PUA FN, Generic PUA JB
23.08%

G Data
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler.DomaIQ
23.08%

Panda Antivirus
Trj/Genetic.gen, PUP/MultiToolbar.A
23.08%

AVG
DomaIQ_r.K, Win.Threat.Medium, Adware DomaIQ.DI
23.08%

The domain www.upstaradown.com has been seen to resolve to the following 2 IP addresses.

May 13, 2014

www.krypt.com
May 10, 2014

File downloads found at URLs served by www.upstaradown.com.

1 / 68      (Adware)
http://www.upstaradown.com/.../Java.exe  (9e055c74d0fc344d63db52b2ed68f033)

URL:
http://www.upstaradown.com/

Google Analytics:
UA-69192

Title:
“upstaradown.com - Registered at Namecheap.com”

Web server:
nginx (ASP.NET,ARR/2.5,ASP.NET) (Version: 4.0.30319)
