home

download1.file-mirror.org

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain download1.file-mirror.org is registered by proxy through Name.com, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Jose, California within the United States which resides on the SoftLayer Technologies Inc. network.
Registrar:
Name.com, LLC

Server location:
California, United States (US)

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
file-mirror.org

Whois:
2 file-mirror.org records

Scanner detections:
Detections  (73% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.JiangsuCN, PUP.DownloadAdmin.N, PUP.Zoobam.N, PUP.Tightrope.DownloadAdmin.Bundler (M), PUP.MicrosTools.Optimizer.Installer.Meta (L), PUP.Tightrope.Download.Bundler (M), PUP.Tightrope.Zoobam.Bundler (M), PUP.DownloadAdmin.Bundler.Meta (M), PUP.Tightrope (M)
85.71%

AVG
Generic, Luhe.MSIL.D, Generic14_c
28.57%

Avira AntiVirus
ADWARE/Adware.Gen, TR/Spy.Agent.3526656.2
23.81%

Dr.Web
Adware.DAdmin.151, Adware.Downware.2220
19.05%

VIPRE Antivirus
Threat.4783369
19.05%

Malwarebytes
PUP.Optional.DownloadAdmin
19.05%

Agnitum Outpost
Riskware.Agent
19.05%

Sophos
Download Admin, DownloadAdmin
19.05%

F-Secure
Adware:W32/WebInstallBundle
19.05%

ESET NOD32
Win32/DownloadAdmin.G potentially unwanted application, Win32/DownloadAdmin.H potentially unwanted application
14.29%

Zillya! Antivirus
Adware.Cduit.Win32.20
14.29%

K7 AntiVirus
Adware , Unwanted-Program
9.52%

herdProtect (fuzzy)
a variant of 59d1bf9a3f8f10638351a61157e571e75821ff65
9.52%

McAfee
Artemis!5726256FCFA7
9.52%

Trend Micro House Call
Suspicious_GEN.F47V0706
9.52%

The domain download1.file-mirror.org has been seen to resolve to the following 2 IP addresses.

50.97.235.139
50.97.235.139-static.reverse.softlayer.com
February 3, 2016

208.101.20.2
208.101.20.2-static.reverse.softlayer.com
September 18, 2014

File downloads found at URLs served by download1.file-mirror.org.

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

0 / 68
http://download1.file-mirror.org/download/.../youtube-download-trace.exe  (newapp_test002.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (PUP)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

0 / 68
http://download1.file-mirror.org/download/.../chrome-update.exe  (adad25682071aefde23dc9730d8fe3ae)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

1 / 68      (PUP)
http://download1.file-mirror.org/.../optimizer-setup-update.exe  (new_ver_1.5.4.0.exe)

1 / 68
http://download1.file-mirror.org/download/.../chrome-update.exe  (381b2d7ccafbdc40b000a2ab7ca32852)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

2 / 68      (PUP)
http://download1.file-mirror.org/.../optimizer-setup-update.exe  (new_ver_1.5.4.0.exe)

4 / 68      (PUP)
http://download1.file-mirror.org/download/.../ie-update.exe  (46.0.149.9.exe)

0 / 68
http://download1.file-mirror.org/download/.../chrome-update.exe  (46.0.149.6.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

3 / 68
http://download1.file-mirror.org/download/.../chrome-update.exe  (46.0.149.9.exe)

0 / 68
http://download1.file-mirror.org/download/.../chrome-update.exe  (46.0.149.9.exe)

1 / 68      (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

0 / 68
http://download1.file-mirror.org/download/.../ie-setup-update.exe  (newver_47_11.29.1.8.exe)

12 / 68    (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

13 / 68    (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

15 / 68    (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

14 / 68    (Adware)
http://download1.file-mirror.org/.../chrome-popup.php  (chrome-update.exe)

The following 2 files have been seen to comunicate with download1.file-mirror.org in live environments.

TCP » 208.101.20.2:80
DonutLeadsService.exe (DonutLeadsService)

TCP » 208.101.20.2:80
ie-update.exe

URL:
http://download1.file-mirror.org/

Web server:
Microsoft-IIS/8.5

Facebook:
Shares:  3

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.