home

dowcnloadboox.info

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain dowcnloadboox.info is registered by proxy through Name.com LLC (R279-LRMS). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
Name.com LLC (R279-LRMS)

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Whois:
1 dowcnloadboox.info record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

VIPRE Antivirus
Threat.4150696
100.00%

AhnLab V3 Security
PUP/Win32.TSULoader, PUP/Win32.InstallRex
100.00%

Reason Heuristics
Adware.WebPick.Installer.?, Adware.WebPick.Installer.I, PUP.SergeyPanov.m, Adware.WebPick.Installer.v, Adware.WebPick.Installer.T, PUP.SergeyPanov.b, PUP.Bundler.WebPick
100.00%

Dr.Web
Threat.Undefined, Trojan.WebPick.2620, Trojan.Crossrider.24065
100.00%

ESET NOD32
Win32/InstalleRex.M potentially unwanted application, Win32/AdWare.MultiPlug.R application, Win32/AdWare.MultiPlug.AB application
100.00%

McAfee
PUP-FHQ, PUP-FLT, Program.PUP-FHQ, Program.PUP-FLT
100.00%

Malwarebytes
PUP.Optional.InstalleRex, PUP.Optional.MultiPlug
100.00%

K7 AntiVirus
Trojan , Adware , Unwanted-Program
100.00%

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot, Riskware.Win32.Agent.dbljwr
100.00%

Kaspersky
Trojan.Win32.AntiFW, not-a-virus:HEUR:AdWare.Win32.Agent, not-a-virus:HEUR:WebToolbar.Win32.Cossder
100.00%

Avira AntiVirus
TR/Kazy.324119.29, ADWARE/InstallRex.Gen, ADWARE/Adware.Gen7, TR/AntiFW.b.116
100.00%

G Data
Gen:Variant.Kazy.324119, Win32.Application.InstalleRex, Gen:Variant.Adware.Dropper.103, Trojan.Generic.11443730
100.00%

Clam AntiVirus
Win.Trojan.Installerex-85, Win.Adware.Agent-7393
100.00%

MicroWorld eScan
Gen:Variant.Kazy.324119, Trojan.Generic.11447185, Gen:Variant.Adware.Dropper.103, Trojan.Generic.11443730, Application.Generic.661710
92.31%

Bitdefender
Gen:Variant.Kazy.324119, Trojan.Generic.11447185, Gen:Variant.Adware.Dropper.103, Trojan.Generic.11443730, Application.Generic.661710
92.31%

The domain dowcnloadboox.info has been seen to resolve to the following 2 IP addresses.

54.186.53.99
ec2-54-186-53-99.us-west-2.compute.amazonaws.com
September 4, 2014

54.191.209.50
ec2-54-191-209-50.us-west-2.compute.amazonaws.com
August 19, 2014

File downloads found at URLs served by dowcnloadboox.info.

31 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=The Americans 2013 S01 Season 1 Complete 1080p WEB-DL x264 anoXm&product_name=The Americans 2013 S01 Season 1 Complete 1080p WEB-DL x264 anoXm&installer_file_name=The Americans 2013 S01 Season 1 Complete 1080p WEB-DL x264 anoXm&cor=1&q=The Americans 2013 S01 Season 1 Complete 1080p WEB-DL x264 anoXm&external_id=1404213051383634327  (the americans 2013 s01 season 1 complete 1080p web-dl x264 anoxm.exe)

35 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=Download&product_name=Download&installer_file_name=Download&cor=1&q=Download&external_id=1403973362950824623  (download.exe)

28 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=pokemon_heartgold__fr__patched.zip&product_name=pokemon_heartgold__fr__patched.zip&installer_file_name=pokemon_heartgold__fr__patched.zip&cor=1&q=pokemon_heartgold__fr__patched.zip&external_id=1404306076865473926  (pokemon_heartgold__fr__patched.zip.exe)

26 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=Harry Potter And The Goblet of Fire 2005 Full PC Game {Highly Compress} {Uploaded} @IGI&product_name=Harry Potter And The Goblet of Fire 2005 Full PC Game {Highly Compress} {Uploaded} @IGI&installer_file_name=Harry Potter And The Goblet of Fire 2005 Full PC Game {Highly Compress} {Uploaded} @IGI&cor=1&q=Harry Potter And The Goblet of Fire 2005 Full PC Game {Highly Compress} {Uploaded} @IGI&external_id=1404149039917272906  (harry potter and the goblet of fire 2005 full pc game {highly compress} {uploaded} @igi.exe)

30 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=in the flesh s02e06&product_name=in the flesh s02e06&installer_file_name=in the flesh s02e06&cor=1&q=in the flesh s02e06&external_id=1404129028869613149  (in the flesh s02e06.exe)

30 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=in the flesh s02e06&product_name=in the flesh s02e06&installer_file_name=in the flesh s02e06&cor=1&q=in the flesh s02e06&external_id=1404129014082303286  (in the flesh s02e06.exe)

30 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=in the flesh s02e06&product_name=in the flesh s02e06&installer_file_name=in the flesh s02e06&cor=1&q=in the flesh s02e06&external_id=1404128253494775555  (in the flesh s02e06.exe)

26 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=An Introduction to Human Services, 6 edition (repost)&product_name=An Introduction to Human Services, 6 edition (repost)&installer_file_name=An Introduction to Human Services, 6 edition (repost)&cor=1&affiliate_id=_i1&q=An Introduction to Human Services, 6 edition (repost)&external_id=1403728629780685769  (an introduction to human services, 6 edition (repost).exe)

23 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=An Introduction to Human Services, 6 edition&product_name=An Introduction to Human Services, 6 edition&installer_file_name=An Introduction to Human Services, 6 edition&cor=1&installer_type=IX_2013&installer_version=4&affiliate_id=_i2&q=An Introduction to Human Services, 6 edition&external_id=1403728527452729917  (an introduction to human services, 6 edition.exe)

31 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=Download&product_name=Download&installer_file_name=Download&cor=1&q=Download&external_id=1404262031602964171  (download.exe)

31 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=Download&product_name=Download&installer_file_name=Download&cor=1&q=Download&external_id=1404262023134090807  (download.exe)

24 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=Captain America The Winter Soldier 2014 HDTS NEWSOURCE x264 AC3-MiLLENiUM&product_name=Captain America The Winter Soldier 2014 HDTS NEWSOURCE x264 AC3-MiLLENiUM&installer_file_name=Captain America The Winter Soldier 2014 HDTS NEWSOURCE x264 AC3-MiLLENiUM&cor=1&q=Captain America The Winter Soldier 2014 HDTS NEWSOURCE x264 AC3-MiLLENiUM&external_id=1404119454005592823  (captain america the winter soldier 2014 hdts newsource x264 ac3-millenium.exe)

38 / 68    (Adware)
http://dowcnloadboox.info/.../?&q=Download&product_name=Download&installer_file_name=Download&cor=1&q=Download&external_id=1403714718643782557  (download.exe)

The following file have been seen to comunicate with dowcnloadboox.info in live environments.

TCP » 54.186.53.99:80
fl studio 11 producer edition registry crck.rar.exe (StarApp)

URL:
http://dowcnloadboox.info/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
openresty

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.