home

fbdownloader.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain fbdownloader.com is registered by proxy through ENOM, INC. and was originally registered in March of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
ENOM, INC.

Server location:
Oregon, United States (US)

Create date:
Wednesday, March 30, 2011

Expires date:
Wednesday, March 30, 2016

Updated date:
Wednesday, December 10, 2014

Whois:
2 fbdownloader.com records

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.HTTOGROUP.M, PUP.Installer.HTTOGROUP
75.00%

Rising Antivirus
PE:Trojan.Win32.Generic.1419DBAA!337238954
25.00%

Dr.Web
Adware.Shopper.360
25.00%

Bkav FE
W32.HfsAdware
25.00%

Malwarebytes
PUP.Optional.HTTOGROUP.A
25.00%

ESET NOD32
Win32/Adware.Snoozer (variant)
25.00%

Trend Micro House Call
Suspicious_GEN.F47V0517
25.00%

Baidu Antivirus
Adware.Win32.Snoozer
25.00%

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen
25.00%

Zillya! Antivirus
Worm.VBNA.Win32.258252
25.00%

G Data
NSIS.Application.PUPInstaller
25.00%

The domain fbdownloader.com has been seen to resolve to the following IP address.

54.245.81.123
ec2-54-245-81-123.us-west-2.compute.amazonaws.com
April 11, 2014

File downloads found at URLs served by fbdownloader.com.

2 / 68
http://fbdownloader.com/lp/.../FBDownloader.exe  (1bf0bea7c00215fff4e5cb6d9ed36adb)

7 / 68      (Adware)
http://fbdownloader.com/lp/.../FBDownloader.exe  (ab72461a5cd209343c5cb18e7320f776)

2 / 68      (Adware)
http://fbdownloader.com/lp/.../FBDownloader.exe  (ed59f58c119b2982c8f3dd8f12dc079c)

2 / 68      (Adware)
http://fbdownloader.com/lp/.../FBDownloader.exe  (f7c0724df6c1526498ecf99803191889)

The following 9 files have been seen to comunicate with fbdownloader.com in live environments.

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

TCP » 54.245.81.123:80
fbdownloader.crx

URL:
http://fbdownloader.com/

Google Analytics:
UA-22484878

Title:
“fbDownloader - Download your facebook photos”

Description:
“A free facebook photos download software, download your tagged photos, albums and friends' photos - Free for windows XP/7”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache

Facebook:
Likes:  34,693
Shares:  760
Comments:  220

Twitter:
Shares:  62

Statistics above are for the previous month of May 2017.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.