dn.yourfiledownloader.com

Via Advertising Group Limited

Domain Information

The domain dn.yourfiledownloader.com, registered by Whois Privacy Corp., was initially registered in April of 2012 through INTERNET.BS CORP. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Dublin, Dublin City, Ireland, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter. The domain is associated with the publisher Via Advertising Group Limited, which is located in Nicosia, CY.
Remove Malware from dn.yourfiledownloader.com - Powered by Reason Core Security
Registrar:
INTERNET DOMAIN SERVICE BS CORP

Server location:
Dublin City, Ireland (IE)

Create date:
Thursday, April 26, 2012

Expires date:
Tuesday, April 26, 2016

Updated date:
Sunday, December 13, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ViaAdvertisingGroupLimited.Q, PUP.ViaAdvertisingGroupLimited.R, PUP.ViaAdvertisingGroupLimited.J, PUP.ViaAdvertisingGroupLimited.w, PUP.Task.ViaAdvertisingGroupLimited.CC, PUP.Installer.ViaAdvertisingGroupLimited.N, PUP.Installer.ViaAdvertisingGroupLimited.u, PUP.Installer.Via Advertising, Threat.Via Advertising.Bundler, PUP.Via Advertising.Bundler, PUP.Via Advertising.ViaAdvertisingGroup.Bundler (M), Threat.Win.Reputation.IMP
97.67%

VIPRE Antivirus
Via Advertising, Threat.4758264
55.81%

avast!
Win32:Downloader-UBW [Adw], Win32:Downloader-UGW [PUP], Win32:Downloader-UEO [PUP], Win32:PUP-gen [PUP]
53.49%

Dr.Web
Adware.Downware.1140, Tool.DownLoader.42, Adware.Downware.1451, Adware.Downware.825, Adware.Babylon.4, Tool.DownLoader.45
53.49%

K7 AntiVirus
Riskware, Unwanted-Program, Riskware, Backdoor, Trojan
51.16%

K7 Gateway Antivirus
Riskware, Unwanted-Program, Riskware, Trojan
48.84%

AVG
BundleApp_r.B, Dropper.Generic7, Skodna.Generic_c, Skodna.Generic_r, Skodna.Bundle_r.E, Adware Generic_r.AFE, Adware Generic_r.AFC
46.51%

Sophos
YourFile Downloader, Generic PUA FO, Generic PUA KH, Generic PUA EE, Generic PUA OK, Generic PUA CN, Generic PUA CE, Mal/Generic-S
41.86%

McAfee
Artemis!BA792B193973, Artemis!F12E0521859D, Artemis!ACD966385438, Artemis!E35EA3EA7503, Artemis!DB1332B815F1, Artemis!CB29C630728E, Artemis!714272E314F5, Artemis!EA305050178D, Artemis!6664925590C5, Artemis!2B686DAB4FFB, Artemis!426A062DF57A, Artemis!2826F03DD082
37.21%

ESET NOD32
Win32/YourFileDownloader (variant), Win32/ExpressDownloader (variant), Win32/ExpressDownloader.K potentially unwanted (variant)
37.21%

McAfee Web Gateway
Artemis!BA792B193973, Artemis!F12E0521859D, Artemis!ACD966385438, Artemis!E35EA3EA7503, Artemis!DB1332B815F1, Artemis!CB29C630728E
34.88%

Fortinet FortiGate
Riskware/YourFileDownloader, W32/SPNR.28JG12!tr, Adware/Fam.NB, W32/SPNR.08LF12!tr, W32/SPNR.08K912!tr, W32/SPNR.08BP13!tr
32.56%

Trend Micro House Call
TROJ_GEN.F47V0623, TROJ_SPNR.28I112, TROJ_SPNV.03KD13, TROJ_GEN.F47V0607, TROJ_SPNR.08BD13, TROJ_GEN.F47V0827, TROJ_SPNR.08BP13, TROJ_GEN.F47V1217
30.23%

Avira AntiVirus
ADWARE/Adware.Gen2, Adware/Rogue.4157360, APPL/Downloader.Gen4, PUA/EDownloader.Gen
27.91%

Bkav FE
W32.Clod96c.Trojan, W32.Clodc26.Trojan, W32.Cloda77.Trojan, W32.Clod108.Trojan, W32.Clod566.Trojan, W32.HfsAdware
27.91%

The domain dn.yourfiledownloader.com has been seen to resolve to the following 5 IP addresses.

199.195.196.180.static.midphase.com
September 21, 2015

209.95.43.22.static.midphase.com
May 3, 2015

November 12, 2014

ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
August 1, 2014

December 26, 2013

File downloads found at URLs served by dn.yourfiledownloader.com.

1 / 68      (Adware)
http://dn.yourfiledownloader.com/j5GBWHXepVRn0OZxZcqwaETTuyJh6/.../jRzcOY NRiqaDsUsRV9QP9bIx2sTGxI0wshUsYfRUo=  (download_nora_jones_-_collection_with_duets_torrent_-_kickasstorrents_downloader.exe)

1 / 68      (Adware)
http://dn.yourfiledownloader.com/j5GIfkHihmhJ8pkSS/uFClj5hh5cg/.../9nUA  (microsoft-activesync-download-windows-7_downloader.exe)

1 / 68      (Malware)

11 / 68    (Adware)

 
Latest 30 of 374 download URLs

The following 7 files have been seen to communicate with dn.yourfiledownloader.com in live environments.

URL:
http://dn.yourfiledownloader.com/

Title:
“SmileFiles”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.2.1 (PHP/5.3.3-7+squeeze19)

Facebook:
Shares:  1

Statistics are for the previous month.
