www.vir.us.com

CentralNic Ltd

Domain Information

The domain www.vir.us.com, registered by CentralNic Ltd, was initially registered in January 1993 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Maidenhead, England, United Kingdom, on the RIPE Network Coordination Centre network.

Registrar:
DEMYS LIMITED

Server location:
England, United Kingdom (GB)

Create date:
Tuesday, January 05, 1993

Expires date:
Saturday, January 04, 2025

Updated date:
Wednesday, January 06, 2016

ASN:
AS29550 SIMPLYTRANSIT Simply Transit Ltd

Root domain:

Scanner detections:
Detections  (79% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Optional.ReimageLimited.N, PUP.Optional.ReimageLimited.R, PUP.Reimage (L) | 90.91% |
| Dr.Web | Adware.Plugin.171, riskware program Program.Unwanted.493, Trojan.KillProc.36496 | 81.82% |
| McAfee | Artemis!D566201EF927, Artemis!0C70FAEC04E3, Artemis!72CB31555DA5, W32/HLLP.41472.e | 54.55% |
| Bkav FE | W32.Clod547.Trojan, W32.HfsAdware, W32.NeshtaB.PE | 45.45% |
| Trend Micro House Call | TROJ_GEN.F47V0122, TROJ_GEN.F47V0214, Suspicious_GEN.F47V0520 | 45.45% |
| McAfee Web Gateway | Artemis!D566201EF927, Artemis!0C70FAEC04E3 | 45.45% |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 36.36% |
| ESET NOD32 | Win32/Toolbar.Babylon | 36.36% |
| NANO AntiVirus | Riskware.Nsis.Babylon.cvvuwk, Virus.Win32.Neshta.cdby | 36.36% |
| nProtect | Joke/W32.ArchSMS.286720, Virus/W32.Neshta | 36.36% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 27.27% |
| Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/Win32.Inffinity | 27.27% |
| G Data | Win32.Application.VMDetect | 27.27% |
| herdProtect (fuzzy) | a variant of 9bfd12ed19eb26ea461f9221316feff8a0a795a8 | 9.09% |
| Malwarebytes | PUP.Optional.ReImageRepair.A | 9.09% |

The domain www.vir.us.com has been seen to resolve to the following 3 IP addresses.

April 13, 2016

April 13, 2016

leeds.eukhosting.net
February 2, 2014

File downloads found at URLs served by www.vir.us.com.

0 / 68
http://www.vir.us.com/scannow  (spyhunter-installer.exe)

11 / 68    (PUP)

14 / 68    (Malware)
http://www.vir.us.com/scannow  (spyhunter-installer.exe)

0 / 68
http://www.vir.us.com/scannow  (spyhunter-installer.exe)

0 / 68

3 / 68      (PUP)

3 / 68      (PUP)

1 / 68      (PUP)
http://www.vir.us.com/downloadsoftware  (reimagerepairtemp.exe)

3 / 68      (PUP)

2 / 68      (PUP)
http://www.vir.us.com/downloadsoftware  (reimagerepairtemp.exe)

12 / 68    (PUP)

6 / 68      (PUP)
http://www.vir.us.com/downloadsoftware  (reimagerepairtemp.exe)

12 / 68    (PUP)

13 / 68    (PUP)

URL:
http://www.vir.us.com/

Title:
“Virus Removal - Remove Virus Immediately”

Description:
“Virus Removal Software Immediately Remove Virus Backdoor Rootkit Trojan Worm and other security threats from windows PC”

SSL certificate subject:
CN=sni170283.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (PHP/5.2.17)

Facebook:
Likes:  1
Shares:  2

Statistics are for the previous month.