home

lp.downloadsrv13.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain lp.downloadsrv13.com is registered by proxy through GODADDY.COM, LLC and was originally registered in September of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Sunday, September 15, 2013

Expires date:
Thursday, September 15, 2016

Updated date:
Wednesday, September 16, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
downloadsrv13.com

Whois:
3 downloadsrv13.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Yontoo.InstallV.Installer (M), PUP.Bundlore.Bundler (M), PUP.Adknowledge.Fileange.Bundler (M), PUP.Amonetize.Bundler.Amonitize.Installer.Meta (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Air Software.Installe.Installer (M), PUP.Yontoo (M), PUP.Bundlore (M), PUP.InstallCore.FC (M), PUP.Softpulse (M), PUP.Air Software (M), PUP.Outbrowse (M)
100.00%

The domain lp.downloadsrv13.com has been seen to resolve to the following 51 IP addresses.

23.219.88.200
a23-219-88-200.deploy.static.akamaitechnologies.com
September 14, 2016

23.219.88.158
a23-219-88-158.deploy.static.akamaitechnologies.com
August 30, 2016

23.219.88.175
a23-219-88-175.deploy.static.akamaitechnologies.com
August 30, 2016

104.96.220.98
a104-96-220-98.deploy.static.akamaitechnologies.com
August 23, 2016

65.158.47.40
August 2, 2016

65.158.47.49
August 2, 2016

104.96.221.145
a104-96-221-145.deploy.static.akamaitechnologies.com
July 24, 2016

104.96.221.89
a104-96-221-89.deploy.static.akamaitechnologies.com
July 24, 2016

216.156.199.9
216.156.199.9.ptr.us.xo.net
July 4, 2016

216.156.199.51
216.156.199.51.ptr.us.xo.net
July 4, 2016

107.14.40.248
June 3, 2016

107.14.45.10
June 3, 2016

104.96.220.106
a104-96-220-106.deploy.static.akamaitechnologies.com
May 16, 2016

104.96.220.129
a104-96-220-129.deploy.static.akamaitechnologies.com
May 16, 2016

23.0.160.98
a23-0-160-98.deploy.static.akamaitechnologies.com
April 14, 2016

69.31.20.48
April 3, 2016

69.31.20.8
April 3, 2016

184.28.17.186
a184-28-17-186.deploy.static.akamaitechnologies.com
February 2, 2016

23.0.160.97
a23-0-160-97.deploy.static.akamaitechnologies.com
January 31, 2016

23.0.160.96
a23-0-160-96.deploy.static.akamaitechnologies.com
January 31, 2016

198.47.116.25
January 3, 2016

198.47.116.10
January 3, 2016

184.28.17.169
a184-28-17-169.deploy.static.akamaitechnologies.com
December 15, 2015

184.28.17.218
a184-28-17-218.deploy.static.akamaitechnologies.com
December 15, 2015

173.205.24.152
September 1, 2015

173.205.24.147
September 1, 2015

168.143.242.241
August 11, 2015

168.143.242.218
August 11, 2015

63.88.100.185
May 5, 2015

63.88.100.187
May 5, 2015

 
Showing 30 of 51 IP Addresses

File downloads found at URLs served by lp.downloadsrv13.com.

1 / 68      (Adware)
http://lp.downloadsrv13.com/.../setup.exe  (8da4047d7a586e4aa4064807ed234d2d)

The following 840 files have been seen to comunicate with lp.downloadsrv13.com in live environments.

TCP » 104.96.220.106:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.219.88.200:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.220.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.220.129:443
kometa.exe (Kometa by Kometa Authors)

TCP » 23.15.7.154:80
browser.exe (speed browser by Smart Applications)

TCP » 23.219.88.158:80
browser.exe (Browser)

TCP » 104.96.220.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.96.220.129:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.219.88.200:80
updateadanak.exe

TCP » 23.15.9.32:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.219.88.158:80
jingling.exe

TCP » 104.96.220.106:80
GPlayer.exe (by Exent Technologies)

TCP » 23.15.9.58:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.219.88.175:80
cpx.exe (Google Embedded Application)

TCP » 23.3.13.226:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.62.6.179:80
plugin.exe

TCP » 104.96.220.129:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.28.17.186:80
browser.exe (speed browser by Smart Applications)

TCP » 104.96.221.145:443
online-guardian-v2.exe

TCP » 23.219.88.158:80
set_hnrmfrgr.exe (Credited Handy System Installer)

 
Latest 20 of 873 files

URL:
http://lp.downloadsrv13.com/

Title:
“Software Solutions”

Web server:
nginx/1.6.3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.