downloads.updatesoftnow.com

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain downloads.updatesoftnow.com is registered by proxy through DUCKBILLEDDOMAINS.COM LLC and was originally registered in November of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, in the United States, on the Digital Ocean, Inc. network.
Remove Malware from downloads.updatesoftnow.com - Powered by Reason Core Security
Registrar:
DUCKBILLEDDOMAINS.COM LLC

Server location:
New York, United States (US)

Create date:
Tuesday, November 10, 2015

Expires date:
Thursday, November 10, 2016

Updated date:
Tuesday, November 10, 2015

ASN:
AS14061 DIGITALOCEAN-ASN - Digital Ocean, Inc.

Root domain:

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Air Software.DownloadManager.Bundler (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.Adknowledge.InstallManager.Installer (M), PUP.Vittalia.InstallAssistant.Installer (M), PUP.Softpulse.DigitalPlugin.Bundler (M), PUP.Softpulse.Appsecure.Bundler (M)
97.96%

VIPRE Antivirus
Threat.4784938, Iminent, Threat.4150696, Threat.4782985
91.84%

Malwarebytes
PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller, PUP.Optional.Bundle
89.80%

K7 Gateway Antivirus
Unwanted-Program
89.80%

K7 AntiVirus
Unwanted-Program
89.80%

avast!
PUP-gen [PUP], Win32:Installer-L [PUP], Malware-gen, Win32:Adware-CAH [PUP], Win32:Adware-gen [Adw], Win32:Malware-gen
89.80%

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cwjiid, Riskware.Win32.AirAdInstaller.cwbkcs, Riskware.Win32.AirAdInstaller.cwanhi, Riskware.Win32.AirAdInstaller.dafqnz
89.80%

Dr.Web
Trojan.SMSSend.4979, Adware.Downware.2035, Trojan.SMSSend.4790, Trojan.SMSSend.5326, Adware.Downware.10718, Trojan.SMSSend.4953
89.80%

Avira AntiVirus
ADWARE/Adware.Gen, Adware/AgentCV.A.6399, Adware/AirAdInstaller.aldw.4, Adware/AgentCV.A.6255, Adware/AirAdInstaller.aldw.6
89.80%

AVG
Adware BundleApp, Generic_r, Adware InstallCore, Potentially harmful program Skodna.Downloader
89.80%

Agnitum Outpost
PUA.AirAdInstaller
87.76%

Sophos
AirInstaller, PUA 'AirInstaller'
87.76%

Antiy Labs AVL
Trojan[:HEUR]/Win32.AGeneric, GrayWare[AdWare:not-a-virus]/Win32.AirAdInstaller, Riskware[:not-a-virus]/Win32.AirAdInstaller.aldw
87.76%

Vba32 AntiVirus
AdWare.AirAdInstaller, AdWare.AirAdInstaller.ajov
87.76%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
87.76%

The domain downloads.updatesoftnow.com has been seen to resolve to the following 16 IP addresses.

December 7, 2015

November 23, 2015

November 18, 2015

ns513839.ip-167-114-156.net
November 12, 2015

November 12, 2015

August 27, 2015

173.192.195.228-static.reverse.softlayer.com
May 16, 2014

empire.airinstaller.com
May 13, 2014

108.168.218.35-static.reverse.softlayer.com
May 1, 2014

chicago.airinstaller.com
April 23, 2014

justice.airinstaller.com
April 23, 2014

uswestmeganode1.airinstaller.com
April 16, 2014

50.23.68.85-static.reverse.softlayer.com
April 14, 2014

173.192.195.226-static.reverse.softlayer.com
April 13, 2014

babar.airinstaller.com
March 6, 2014

108.168.218.34-static.reverse.softlayer.com
February 24, 2014

File downloads found at URLs served by downloads.updatesoftnow.com.

 
Latest 30 of 406 download URLs

The following 4 files have been seen to communicate with downloads.updatesoftnow.com in live environments.

URL:
http://downloads.updatesoftnow.com/

Google Analytics:
UA-19309218

Title:
“updatesoftnow.com - This website is for sale! - updatesoftnow Resources and Information.”

Title (2/24/2014):
“Air Installer ™”

Title (8/27/2015):
“Updatesoftnow.com”

Description:
“This website is for sale! updatesoftnow.com is your first and best source for information about updatesoftnow . Here you will also find topics relating to issues of general interest. We hope you find what you are looking for!”

Web server:
Apache (PHP/5.3.3-7+squeeze28)

30 of 34 related domains
