dl.downf468.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.downf468.com is registered by proxy through GODADDY.COM, LLC and was originally registered in January of 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Cambridge, Massachusetts, United States, on the Akamai Technologies, Inc. network.
Remove Malware from dl.downf468.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Monday, January 04, 2016

Expires date:
Wednesday, January 04, 2017

Updated date:
Thursday, January 14, 2016

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FIRSERIASL.V, PUP.FIRSERIASL.L, PUP.FIRSERIASL.I, PUP.FIRSERIASL.F, PUP.Installer.AppsInstallerSL.Z, PUP.RAPIDDOWN.O, PUP.FIRSERIASL.Q, PUP.Installer.FIRSERIASL.d, PUP.FIRSERIASL.N, PUP.FIRSERIASL.O, PUP.FIRSERIASL.G, PUP.Installer.AppsInstallerSL.L, PUP.Installer.AppsInstallerSL.M, PUP.Solimba.RAPIDDOWN.Bundler (M), PUP.Solimba.FIRSERIA.Bundler (M)
93.75%

Avira AntiVirus
W32/Sality.AT, TR/Dropper.Gen, APPL/Firseria.Gen, APPL/Firseria.A.12, TR/Crypt.ULPM.Gen
40.63%

Dr.Web
Win32.Sector.21, Trojan.DownLoader10.61289, Trojan.DownLoader11.3085, Adware.Downware.1433, Adware.Downware.2488, Trojan.DownLoader11.3206
37.50%

VIPRE Antivirus
Trojan.Win32.Generic, DownloadMR, Threat.4150696, Threat.4782980
37.50%

Malwarebytes
PUP.Optional.Firseria, PUP.Optional.AppsInstaller, PUP.Optional.BundleInstaller.A
37.50%

Rising Antivirus
PE:PUF.FirseriaInstaller@CV!1.9C54, PE:PUF.FirseriaInstaller@CV!1.5C42, PE:Malware.FirseriaInstaller!6.17AF, PE:Trojan.Win32.Generic.170006F8!385877752
37.50%

AVG
AdInstaller.Firseria, MalSign.Generic, BundleApp, Adware AdInstaller.Firseria
37.50%

Sophos
Solimba Installer
34.38%

Vba32 AntiVirus
Downloader.Morstar, Downware.Morstar
34.38%

Fortinet FortiGate
W32/AdkDLLWrapper.A, Adware/Firseria, Riskware/FirseriaInstaller, Adware/Sality.MO
31.25%

Comodo Security
Application.Win32.Solimba.J, UnclassifiedMalware, Application.Win32.Firseria.EA
31.25%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.DownMorstar.o.(kcloud), Win32.Troj.DownMorstar.q.(kcloud)
31.25%

Kaspersky
not-a-virus:Downloader.Win32.Morstar, not-a-virus:Downloader.Win32.Firser
28.13%

AhnLab V3 Security
PUP/Win32.Firseria, PUP/Win32.FirseriaInstaller
28.13%

G Data
Win32.Application.FirseriaInstaller, Adware.Agent.NUA, Win32.Application.Morstar, Gen:Application.Bundler.Firseria
28.13%

The domain dl.downf468.com has been seen to resolve to the following 35 IP addresses.


File downloads found at URLs served by dl.downf468.com.


The following 244 files have been seen to communicate with dl.downf468.com in live environments.

 

URL:
http://dl.downf468.com/

Title:
“Loading”

Web server:
nginx/1.8.0
