downloadserver3.wintoflash.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain downloadserver3.wintoflash.com is registered by proxy through ENOM, INC. and was originally registered in April of 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Moscow, Moscow City, Russia, on the RIPE Network Coordination Centre network.

Registrar: ENOM, INC.

Server location: Moscow City, Russia (RU)

Create date: Wednesday, April 29, 2009

Expires date: Friday, April 29, 2016

Updated date: Friday, December 18, 2015

ASN: AS48614 ITSOFT-AS IT-Soft Ltd.,RU

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Dr.Web | Adware.Downware.1184, Adware.Somoto.17 | 100.00% |
| VIPRE Antivirus | BetterInstaller | 100.00% |
| Baidu Antivirus | Trojan.Win32.Adware, Adware.Win32.Somoto | 100.00% |
| ESET NOD32 | Win32/Somoto | 100.00% |
| Avira AntiVirus | APPL/Somoto.Gen2, APPL/Somoto.cnu | 100.00% |
| Agnitum Outpost | PUA.Somoto | 100.00% |
| G Data | Win32.Application.Somoto, Application.Bundler.Somoto | 100.00% |
| F-Secure | Application.Bundler.Somoto | 100.00% |
| Fortinet FortiGate | Riskware/Somoto | 100.00% |
| AVG | AdInstaller.Somoto | 100.00% |
| Panda Antivirus | PUP/MultiToolbar.A | 100.00% |
| Qihoo 360 Security | Win32/Virus.Downloader.832 | 100.00% |
| Bkav FE | W32.Clodc5c.Trojan, W32.Clod59f.Trojan | 100.00% |
| Malwarebytes | PUP.Optional.Somoto | 100.00% |
| NANO AntiVirus | Trojan.Win32.Agent.cruvhh | 100.00% |

The domain downloadserver3.wintoflash.com has been seen to resolve to the following IP address.

novicorp.com
January 17, 2014

File downloads found at URLs served by downloadserver3.wintoflash.com.

51 / 68    (Adware)

19 / 68    (PUP)

The following 3 files have been seen to communicate with downloadserver3.wintoflash.com in live environments.

URL: http://downloadserver3.wintoflash.com/

Title: “404 requested Web site does not exist”

Web server: Microsoft-IIS/8.5