home

supportversion.how2safeupdate.net

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain supportversion.how2safeupdate.net is registered by proxy through REGISTRAR OF DOMAIN NAMES REG.RU LLC and was originally registered in February of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Fort Lauderdale, Florida within the United States which resides on the Infolink Global Corporation network.
Registrar:
REGISTRAR OF DOMAIN NAMES REG.RU LLC

Server location:
Florida, United States (US)

Create date:
Friday, February 20, 2015

Expires date:
Saturday, February 20, 2016

Updated date:
Friday, April 1, 2016

ASN:
AS15083 INFOLINK-MIA-US - Infolink Global Corporation,US

Root domain:
how2safeupdate.net

Whois:
2 how2safeupdate.net records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.Installer, PUP.installCore.OOOProfitAdverts.Installer (M), PUP.installCore.NEXTPOIN.Installer (M)
100.00%

VIPRE Antivirus
Threat.4150696
66.67%

Dr.Web
Trojan.InstallCore.508
66.67%

avast!
Malware-gen
66.67%

Bkav FE
W32.HfsAdware
66.67%

K7 AntiVirus
Adware
66.67%

Avira AntiVirus
PUA/InstallCore.IH
66.67%

ESET NOD32
Win32/InstallCore.ZC potentially unwanted application
66.67%

AVG
Generic
66.67%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
33.33%

The domain supportversion.how2safeupdate.net has been seen to resolve to the following 2 IP addresses.

185.53.179.12
May 19, 2016

65.111.162.137
mta8.helloresponse.com
May 21, 2015

File downloads found at URLs served by supportversion.how2safeupdate.net.

1 / 68      (Adware)
http://supportversion.how2safeupdate.net/dl.php?conversion_id=14284460365486&app_id=4&lp_id=733&v=icrs&stub_id=143&v_id= JgFYsfWv4ORSYO7YuGzUb7QMn 1v4QaFEI 7SVUM6U=&dist_id=571&channel=ac_nf7&cid=32119277401428446035&pubid=274850  (adobe_flash_setup.exe)

10 / 68    (Adware)
http://supportversion.how2safeupdate.net/.../gOa33PRUwP4gXwoliCgJecIJLIHGWOvKcHoq5o7Q=&dist_id=731&channel=mbu_csp_us_chr&s2=2926389149.447755.ddc9ae491a.8074.cbed151eb64d5f66183b071e86e94927  (adobe_flash_setup.exe)

9 / 68      (Adware)
http://supportversion.how2safeupdate.net/dl.php?conversion_id=14287260423626&app_id=63&lp_id=483&v=ico&stub_id=170&v_id=B875REIzv54YTRBy mE9sK6gIJvq1MWzdVEa0PoZO6A=&dist_id=332&channel=jovad&cid=epom_NzB8MTQ2fFVTfDN8MXx8&sid=70  (java_runtime_enviroment_setup.exe)

The following file have been seen to comunicate with supportversion.how2safeupdate.net in live environments.

TCP » 185.53.179.12:80
chrome.crx

bibleverser.com

broadpackagesea.com

check-live24.org

completeappuniverse.com

dashinstallerhouse.com

defiletake.com

directpackagesqueue.com

downloadcamp.com

downloadinator.com

forumerithostbundle.com

lpmxp1088.com

magnofive.com

megadownload.info

novatogames.org

perkyinstallersroom.com

perkyinstallpool.com

pureinstalllist.com

theupdateronline24.com

uploadfun.space

vaudix.com

wasdmr.com

whiteinstallerboard.com

wholeappsocean.com

zayatsdelivery.com

fixupdatesnow.org

freeupgradelive.com

newvideolive.com

theonlinelive.com

theonlinelive.net

theperfectupdate.org

30 of 35 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.