home

g.brothersoft.com

Kunlun Wanwei Keji Gufen Youxian Gongsi

Domain Information

The domain g.brothersoft.com registered by Kunlun Wanwei Keji Gufen Youxian Gongsi was initially registered in July of 2002 through GODADDY.COM, LLC. The domain hosts various software downloads. The hosted servers are located in Houston, Texas within the United States which resides on the ThePlanet.com Internet Services, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Texas, United States (US)

Create date:
Friday, July 12, 2002

Expires date:
Thursday, July 12, 2018

Updated date:
Friday, April 26, 2013

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Root domain:
brothersoft.com

Whois:
1 brothersoft.com record

Scanner detections:
Detections  (63% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Babylon.P, PUP.Babylon.BabylonSoftware.Installer (M), PUP.Babylon.BabylonS.Installer (M)
100.00%

Dr.Web
Adware.Babylon.10, Adware.Babylon.8, Adware.Babylon.36
80.00%

Malwarebytes
PUP.Optional.Babylon.A
60.00%

Agnitum Outpost
Trojan.Agent, PUA.Toolbar.Babylon
60.00%

ESET NOD32
Win32/Toolbar.Babylon (variant)
60.00%

Trend Micro House Call
TROJ_GEN.F47V0904, TROJ_GEN.F47V0402
40.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen
40.00%

Bkav FE
W32.Clodcfc.Trojan, W32.Clod95a.Trojan
40.00%

Baidu Antivirus
Adware.Win32.Bbylon, Trojan.Win32.Toolbar
40.00%

NANO AntiVirus
Trojan.Win32.Babylon.csuksh, Riskware.Win32.Babylon.craswq
40.00%

VIPRE Antivirus
Babylon
20.00%

Fortinet FortiGate
Riskware/Toolbar_Babylon
20.00%

Norman
Babylon.A
20.00%

Emsisoft Anti-Malware
Riskware.Win32.Toolbar.Babylon.AMN
20.00%

Comodo Security
UnclassifiedMalware
20.00%

The domain g.brothersoft.com has been seen to resolve to the following IP address.

184.172.2.121
184.172.2.121-static.reverse.softlayer.com
February 7, 2014

File downloads found at URLs served by g.brothersoft.com.

6 / 68      (Adware)
http://g.brothersoft.com/c.php?url=http://www.babylon.com/.../download.cgi?type=100&affID=115142&u=69e6i0ejGcH7jFGLkqs6DKEqwMMahPMcIYFcVObfyvuJo5vkow&a=3770  (babylon10_setup.exe)

0 / 68
http://g.brothersoft.com/c.php?u=a6afu6JBKs1pWF5qsr27NFzQk0lBs2B1xn5TvweyrdWTCgyF2w&a=4118&url=http://downloads11.lavasoft.com/.../download.ashx?productcode=adaware$params=http://lavasoft.com/products/ad_aware_update.php?source=inappupdate&mvt-inter=brothersoft_promo&toolbar=yes$dwld=http://downloads11.lavasoft.com/.../download.asp  (adaware_installer.exe)

2 / 68      (Adware)
http://g.brothersoft.com/c.php?url=http://www.babylon.com/redirects/download.cgi?type=100&affID=115143&u=45cdzunTWSUQfYnoqrxop 1BsX6XlMhjz8K10CLOe/.../pmhnv0&a=4660  (babylon10_setup_ns.exe)

1 / 68      (Adware)
http://g.brothersoft.com/c.php?url=http://www.babylon.com/redirects/download.cgi?type=100&affID=115143&u=45cdzunTWSUQfYnoqrxop 1BsX6XlMhjz8K10CLOe/.../pmhnv0&a=4660  (babylon10_setup_ns.exe)

2 / 68      (Adware)
http://g.brothersoft.com/c.php?url=http://www.babylon.com/redirects/download.cgi?type=100&affID=115143&u=9f2dbUScbi2GtE z74o MiXTdpyt/.../xvaQ&a=4660  (babylon10_setup_ns.exe)

0 / 68
http://g.brothersoft.com/c.php?u=a6afu6JBKs1pWF5qsr27NFzQk0lBs2B1xn5TvweyrdWTCgyF2w&a=4118&url=http://downloads11.lavasoft.com/.../download.ashx?productcode=adaware$params=http://lavasoft.com/products/ad_aware_update.php?source=inappupdate&mvt-inter=brothersoft_promo&toolbar=yes$dwld=http://downloads11.lavasoft.com/.../download.asp  (adaware_installer.exe)

0 / 68
http://g.brothersoft.com/c.php?u=a6afu6JBKs1pWF5qsr27NFzQk0lBs2B1xn5TvweyrdWTCgyF2w&a=4118&url=http://downloads11.lavasoft.com/.../download.ashx?productcode=adaware$params=http://lavasoft.com/products/ad_aware_update.php?source=inappupdate&mvt-inter=brothersoft_promo&toolbar=yes$dwld=http://downloads11.lavasoft.com/.../download.asp  (adaware_installer.exe)

19 / 68    (Adware)
http://g.brothersoft.com/c.php?url=http://www.babylon.com/.../download.cgi?type=100&affID=115142&u=69e6i0ejGcH7jFGLkqs6DKEqwMMahPMcIYFcVObfyvuJo5vkow&a=3770  (babylon10_setup.exe)

9 / 68      (Adware)
http://g.brothersoft.com/c.php?url=http://www.babylon.com/.../download.cgi?type=100&affID=115142&u=69e6i0ejGcH7jFGLkqs6DKEqwMMahPMcIYFcVObfyvuJo5vkow&a=3770  (babylon10_setup.exe)

The following 2 files have been seen to comunicate with g.brothersoft.com in live environments.

TCP » 184.172.2.121:80
OrbitDM.exe (Orbit Downloader by Orbitdownloader.com)

TCP » 184.172.2.121:80
ekrn.exe (ESET Endpoint Security by ESET)

URL:
http://g.brothersoft.com/

Web server:
BSWS/2.3 (PHP/5.3.10)

Compete.com:
US visitors:  80,467

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.