www.vuupc.com

ClickMeIn Limited  (via a Proxy Registrant)

Domain Information

The domain www.vuupc.com is registered by proxy through DOMAIN.COM, LLC and was originally registered in February of 2013. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Salt Lake City, Utah within the United States which resides on the Hosting Services, Inc. network. The domain is associated with the publisher ClickMeIn Limited who is located in Nicosia, CY.
Registrar:
DOMAIN.COM, LLC

Server location:
Utah, United States (US)

Create date:
Wednesday, February 20, 2013

Expires date:
Monday, February 20, 2017

Updated date:
Friday, February 05, 2016

ASN:
AS29854 WESTHOST - WestHost, Inc.

Root domain:

Scanner detections:
Detections  (83% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallX.Bundle, PUP.Installer.ClickMeInLimited.X, PUP.Installer.ClickMeInLimited.O, PUP.Installer.ClickMeInLimited.R, PUP.Installer.ClickMeIn.P, PUP.VuuPC (M), PUP.installCore.Installer, PUP.installCore.ClickMeIn.Installer (M), PUP.Linkular.Company.Installer (M), PUP.Orbitum.Bergariu.Installer.Meta (L), PUP.installCore.ClickMeI.Installer (M), PUP.Outbrowse.SaFeSoft.Bundler (M), PUP.Tuguu.tuguusl.Bundler (M), PUP.InstallCore.Internet.Installer.Meta (M)
97.50%

Dr.Web
Adware.InstallCore.110, Adware.Downware.1411, Adware.Downware.2258, Adware.InstallCore.122, Trojan.Packed.24524, Adware.ClickMeIn.494, Adware.Downware.1411, Adware.ClickMeIn.494, Trojan.Packed.30000
67.50%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.Undef.(kcloud), VIRUS_UNKNOWN
62.50%

Trend Micro House Call
TROJ_GEN.R0CBH06L713, TROJ_GEN.F47V1215, TROJ_GEN.F47V1223, TROJ_GE.21F04DFD, TROJ_GEN.F47V0820, TROJ_GEN.F47V0318, TROJ_GEN.F47V0412, TROJ_GE.089BA067, TROJ_GEN.F47V0107, TROJ_GEN.F47V0508, TROJ_GE.168939FA, TROJ_GEN.F47V0113, TROJ_GEN.F47V0607
57.50%

ESET NOD32
Win32/InstallCore.EC, Win32/InstallCore.FS, Win32/InstallCore.CF (variant), Win32/VuuPc, Win32/InstallCore.BL, Win32/InstallCore.FJ (variant)
32.50%

McAfee
Artemis!75C4F607F177, Artemis!F752DE22FDDF, Artemis!9511D8BBDDF3, Artemis!CE2C586D6C29, Artemis!161D08470F5C, Artemis!EF3A85DDB76B, Artemis!5A548C1E542C
27.50%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594, NS:Malware.Install!1.9F62, PE:Malware.InstallCore!6.4, PE:Trojan.Win32.Generic.14B78831!347572273
27.50%

McAfee Web Gateway
Artemis!75C4F607F177, Artemis!9511D8BBDDF3, Artemis!161D08470F5C, Artemis!EF3A85DDB76B, Artemis!5A548C1E542C, BehavesLike.Win32.Suspicious.gh
25.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Trojan.Midhos, Downware.InstallCore
22.50%

Norman
Downloader, Suspicious_Gen4.GKATD, Win32.Parite.B
22.50%

Qihoo 360 Security
HEUR/Malware.QVM06.Gen, Win32/Virus.Adware.bf7
22.50%

Sophos
AnyProtect, Install Core ClickMeIn Limited, Generic PUA AK, PUA 'AnyProtect'
22.50%

AVG
Clickmein, ClickMeIn Limited, Adware Vopackage.D, Generic_c, Win32/Parite
20.00%

Bkav FE
W32.Clod966.Trojan, W32.Clod9be.Trojan, W32.Clodac9.Trojan, W32.Clodd86.Trojan, W32.HfsAdware
17.50%

F-Prot
W32/InstallCore.R4.gen, W32/InstallCore.R.gen, W32/InstallCore.R3.gen, W32/InstallCore.W.gen, W32/Parite.B
17.50%

The domain www.vuupc.com has been seen to resolve to the following 6 IP addresses.

dl2.clickmein.com
January 14, 2014

dl6.clickmein.com
January 14, 2014

dl4.clickmein.com
January 14, 2014

dl3.clickmein.com
January 14, 2014

dl1.clickmein.com
January 14, 2014

dl5.clickmein.com
January 14, 2014

File downloads found at URLs served by www.vuupc.com.

7 / 68      (Adware)
http://www.vuupc.com/ver/.../VuuPCSetup.exe  (latestvuupcsetup1.0.0.256.exe)

1 / 68      (Adware)

1 / 68      (PUP)
http://www.vuupc.com/lps/.../Setup.exe  (53f5c9899f7c755e4f1485542e2784f9)

5 / 68      (Adware)

8 / 68      (Adware)

5 / 68      (Adware)

5 / 68      (Adware)
http://www.vuupc.com/ver/.../VuuPCBaseSetup.exe  (e558b1be7e3616c33626fc2560eea31c)

1 / 68      (Adware)
http://www.vuupc.com/.../download.php?r=3  (icreinstall_vuupc_setup.exe)

4 / 68      (Adware)

5 / 68      (Adware)
http://www.vuupc.com/ver/.../VuuPCBaseSetup.exe  (1c7a5a7f71b694db60ea8195dd39772b)

14 / 68    (Adware)
http://www.vuupc.com/ver/.../VuuPCBaseSetup.exe  (90b952e30cbd8fbfd2f0715cd90d94cf)

10 / 68    (Adware)

12 / 68    (Adware)

1 / 68      (PUP)

5 / 68      (Adware)
http://www.vuupc.com/ver/.../VuuPCBaseSetup.exe  (082df210b705e5e4a8a63069b27af652)

The following 12 files have been seen to comunicate with www.vuupc.com in live environments.

URL:
http://www.vuupc.com/

Google Analytics:
UA-42018641

Title:
“Remote Desktop & Remote Access to your PC from Anywhere | ClickMeIn - Home Page”

Description:
“Remote Access to your PC from anywhere. Remote Desktop, Remote Access, Broadcast, Access all your files easily from any browser & from iPhone/ iPad. Make your work schedule more flexible using your home PC to login to your office remotely.”

Web server:
nginx

Facebook:
Likes:  2
Shares:  11

Statistics are for the previous month.