69.39.236.56

ip-69.39.236.56.hosted.by.gigenet.com

IP Address Information

The Internet Service Provider (ISP) that owns the network address 69.39.236.56 is GigeNET, located in Illinois in the United States. The IP address resolves to the DNS record ip-69.39.236.56.hosted.by.gigenet.com. Currently 149 domain names use this address. The primary domain hosted by this IP is www.hd-plugins.com, along with 148 other domains which are known adware distribution web sites.
Scanner detections:
Detections (82% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Optional.FiorentinoMedia.W, PUP.Optional.Installer.T, PUP.Installer.Wishapp.F, PUP.ExtremeWhite.Installer, PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited.Installer (M), PUP.ExtremeWhite.CityRoadlabsExtremeWhiteLimited.Installer (M), Win32.Generic, PUP.InnovativeSystems.Installer (M), PUP.ExtremeWhite.DigitNet.Installer (M), PUP.TerraFir.Installer (M), PUP.Outbrowse.AppSMarK.Bundler (M), PUP.Outbrowse.ClickYes.Bundler (M), PUP (M) | 88.37% |
| NANO AntiVirus | Trojan.Win32.Kryptik.cqhovd, Trojan.Win32.MLW.dpnylv, Trojan.Win32.Agent.dvtooz, Trojan.Win32.OpenCandy.dlsdxl | 32.56% |
| Dr.Web | infected with BackDoor.Infector.133, infected with Trojan.Crossrider1.28205, infected with Trojan.Lyrics.645, Trojan.Crossrider1.42769 | 32.56% |
| Malwarebytes | PUP.Optional.Bundlore, PUP.Optional.SavePass.A, PUP.Optional.CrossRider.A, PUP.Optional.GoHD.A, PUP.Optional.AppLid, PUP.Optional.OpenCandy | 32.56% |
| Clam AntiVirus | Win.Trojan.12424573, Win.Trojan.Crossrider-36, Win.Trojan.Scramblewrapper, Win.Adware.Scramblewrapper, Win.Trojan.14824974 | 32.56% |
| AhnLab V3 Security | PUP/Win32.Bundlore, PUP/Win32.CrossRider, PUP/Win32.OpenCandy | 32.56% |
| Agnitum Outpost | Riskware.ScrambleWrapper, Riskware.Agent | 30.23% |
| K7 AntiVirus | Riskware, Unwanted-Program, Adware | 27.91% |
| Avira AntiVirus | TR/Dropper.Gen, ADWARE/Agent.81920.132, TR/Agent.81920.650, TR/Rogue.81920.143, ADWARE/Agent.81920.140, ADWARE/CrossRider.Gen7 | 27.91% |
| AVG | Generic, Crossrider, AdLoad, ScrambleWrapper.A, OpenCandy | 25.58% |

The following domains resolved to the IP address 69.39.236.56.

Latest 50 of 149 domains

File URLs downloaded from 69.39.236.56.

0 / 68

1 / 68      (Adware)
http://dl.devopenrack.com/47/all/hqv/.../setup.exe  (609d4f766a28fa1411d7e83414013e8e)

1 / 68      (Adware)
http://dl.devopenrack.com/60/all/cp/.../setup.exe  (de0a48e2878a35f9188d8aabdef70841)

12 / 68    (PUP)

1 / 68
http://regcleaners.info/ccsetup317.exe  (4c694cc02a97e422ee3498527121161a)

0 / 68
http://www.iovsoft.com/.../iov-MP3-Cutter-Joiner.exe  (a72156ebf9b5bf8fb3ddc7f63409c205)

0 / 68
http://download.coinbeez.com/Win_CoinBeez_64.exe  (d89e7969109c225eb5eba9cf3b33a49b)

20 / 68    (Adware)
http://dl.pspvideosdownload.com/.../setup.exe  (2539b7c899779384d79e00616749aa61)

4 / 68      (inconclusive)
http://download.coinbeez.com/CoinBeez.exe  (847f09d978a0a8a2f0d7bcc7e05b7fb9)

The following 313 files have been seen to communicate with this IP address in live environments.

TCP port 80

Latest 20 of 322 files

The geographical location of this IP address.

Country: United States (US)
Region: Illinois
City: Chicago
Coordinates: 41.85, -87.65

The ARIN network assigned organization for IP address 69.39.236.56.

Org name: GigeNET
Org identifier: DMPL
Org country: United States (US)
Org region: Illinois
Org city: Arlington Heights
Org address: 545 E Algonquin Rd
Org website: www.gigenet.com

ARIN WHOIS:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=69.39.236.56?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange: 69.39.224.0 - 69.39.239.255
CIDR: 69.39.224.0/20
NetName: IPNAP
NetHandle: NET-69-39-224-0-1
Parent: NET69 (NET-69-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS32181
Organization: GigeNET (DMPL)
RegDate: 2003-04-18
Updated: 2012-03-02
Comment: www.gigenet.com
Ref: https://whois.arin.net/rest/net/NET-69-39-224-0-1


OrgName: GigeNET
OrgId: DMPL
Address: 545 E Algonquin Rd
Address: Suite D
City: Arlington Heights
StateProv: IL
PostalCode: 60005
Country: US
RegDate: 2011-03-04
Updated: 2011-06-23
Comment: http://www.gigenet.com
Ref: https://whois.arin.net/rest/org/DMPL

ReferralServer: rwhois://rwhois.servernap.net:4321

OrgNOCHandle: IPADM152-ARIN
OrgNOCName: IP Administrator
OrgNOCPhone: +1-800-561-2656
OrgNOCEmail: ip-admin@coloquest.com
OrgNOCRef: https://whois.arin.net/rest/poc/IPADM152-ARIN

OrgTechHandle: IPADM152-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-800-561-2656
OrgTechEmail: ip-admin@coloquest.com
OrgTechRef: https://whois.arin.net/rest/poc/IPADM152-ARIN

OrgAbuseHandle: ABUSE2935-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-800-561-2656
OrgAbuseEmail: abuse@gigenet.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2935-ARIN


