home

dl.airdwnlds.com

Air Software  (via a Proxy Registrant)

Domain Information

The domain dl.airdwnlds.com is registered by proxy through ENOM, INC. and was originally registered in September of 2012. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network. The domain is associated with the publisher Air Software who is located in Victoria, British Columbia in Canada.
Registrar:
ENOM, INC.

Server location:
New York, United States (US)

Create date:
Tuesday, September 11, 2012

Expires date:
Sunday, September 11, 2016

Updated date:
Wednesday, August 12, 2015

ASN:
AS14061 DIGITALOCEAN-ASN - Digital Ocean, Inc.

Root domain:
airdwnlds.com

Whois:
3 airdwnlds.com records

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Air Software.AirSoftw.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.Air Software (M)
100.00%

The domain dl.airdwnlds.com has been seen to resolve to the following 9 IP addresses.

108.168.218.35
108.168.218.35-static.reverse.softlayer.com
October 9, 2014

108.168.218.34
108.168.218.34-static.reverse.softlayer.com
May 28, 2014

50.23.68.85
50.23.68.85-static.reverse.softlayer.com
May 5, 2014

184.154.116.114
chicago.airinstaller.com
April 13, 2014

192.241.139.115
justice.airinstaller.com
February 7, 2014

173.192.195.226
173.192.195.226-static.reverse.softlayer.com
February 7, 2014

162.243.2.91
empire.airinstaller.com
February 7, 2014

173.192.195.228
173.192.195.228-static.reverse.softlayer.com
February 6, 2014

192.241.237.97
uswestmeganode1.airinstaller.com
February 5, 2014

File downloads found at URLs served by dl.airdwnlds.com.

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=37&uid=147931742&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?filename=free_download  (free_download.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/.../?sid=D&b=84a16deb  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=37&uid=141139706&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=618-&uid=117903119&filename=FPP_Setup  (fpp_setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=939&uid=177618671&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=37&uid=148757124&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=674-&uid=115187157&filename=FPP_Setup  (fpp_setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/.../?sid=no202&b=9436321a  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=37&uid=161356065&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?filename=Setup  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=37&uid=145865817&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=1082&uid=186325483&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=37&uid=144036619&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=674-&uid=113816276&filename=FPP_Setup  (fpp_setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=674-p.ndumjmynjdimtkyy&uid=142482914&filename=FPP_Setup  (fpp_setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=674-p.nzzjzjfiztcztmnd&uid=181786071&filename=FPP_Setup  (fpp_setup.exe)

0 / 68
http://dl.airdwnlds.com/get/.../?sid=202&b=9436321a  (79e9.tmp)

1 / 68      (Adware)
http://dl.airdwnlds.com/.../click.php?sid=D&b=84a16deb  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?ram=true&sid=ram  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=674-p.nzzjzjfiztcztmnd&uid=122807373&filename=FPP_Setup  (fpp_setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?uid=Ri10IJAdOV  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=dynamic7  (setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=618&uid=116444285&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=777-&uid=115727427&filename=FPP_Setup  (fpp_setup.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=Java-MT&filename=Java  (java.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?sid=618&uid=177322180&filename=Flash_Update  (flash_update.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/click/.../?filename=FlashPlayerPro  (flashplayerpro.exe)

1 / 68      (Adware)
http://dl.airdwnlds.com/get/.../?b=cbca4800  (setup.exe)

 
Latest 30 of 176 download URLs

The following 2 files have been seen to comunicate with dl.airdwnlds.com in live environments.

TCP » 108.168.218.34:80
15ba9f94.exe (Google Talk by AirInstaller)

TCP » 173.192.195.228:80
setup.exe (Software Updater by AirInstaller)

airinstaller.com

getsoftfree.com

downloadverse.com

downloadwiz.com

updatersoft.com

yesdownloads.com

zipdownloader.com

fastdownloaders.com

dlsoftware.org

update14.com

realfreedownloads.com

trustydownloads.com

software-updater.com

updaterspro.com

thanksfordownloading.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.