home

mobilitydata5.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain mobilitydata5.com is registered by proxy through GODADDY.COM, LLC and was originally registered in February of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the FDCservers.net network.
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Thursday, February 12, 2015

Expires date:
Sunday, February 12, 2017

Updated date:
Thursday, April 16, 2015

ASN:
AS6461 ABOVENET - Abovenet Communications, Inc,US

Whois:
1 mobilitydata5.com record

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore, Adware.ConvertAd.Installer.Meta (M), PUP.InstallCore (M), PUP.ExtremeWhite.CityRoadlabsExtremeWhiteLimited.Installer (M), PUP.InstallCore.RE (M)
63.83%

Avira AntiVirus
ADWARE/InstallCore.Gen7, TR/Trash.Gen, PUA/InstallCore.Gen7, W32/Ramnit.A, ADWARE/CrossRider.Gen, ADWARE/CrossRider.Gen7
42.55%

avast!
Malware-gen, Win32:Malware-gen, Win32:ScrambleWrapper-A [PUP]
40.43%

F-Prot
W32/A-fa569e41, W32/A-df0bbe51, W32/A-e3871acb, W32/A-95939616
38.30%

ESET NOD32
Win32/InstallCore.PK potentially unwanted application, Win32/InstallCore.PO potentially unwanted application, Win32/InstallCore.PL potentially unwanted application, Win32/InstallCore.VV potentially unwanted application
34.04%

G Data
Win32.Application.AnyProtect, Win32.Adware.CrossriderWrapper
34.04%

Baidu Antivirus
Adware.Win32.InstallCore
31.91%

VIPRE Antivirus
Threat.4150696, Trojan.Win32.Generic
29.79%

SUPERAntiSpyware
PUP.InstallCore/Variant
29.79%

Dr.Web
Adware.ClickMeIn.827, Adware.ClickMeIn.933, Trojan.DownLoader12.47681, Trojan.MulDrop5.10078, Trojan.Packed.25266, Trojan.Crossrider1.42769
29.79%

Qihoo 360 Security
Win32/Virus.Adware.94c, HEUR/QVM42.0.Malware.Gen, HEUR/QVM06.1.Malware.Gen, Win32/Virus.00e, HEUR/QVM42.1.Malware.Gen
27.66%

NANO AntiVirus
Riskware.Win32.InstallCore.dqheqe, Riskware.Win32.InstallCore.dfuunj, Trojan.InnoSetup.Agent.duatzb, Trojan.Win32.MLW.dpnylv
21.28%

Malwarebytes
PUP.Optional.InstallCore.A, PUP.Optional.GoHD, PUP.Optional.GoHD.A
21.28%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen, Trojan.GoogUpdate
21.28%

AVG
Adware InstallCore.ALX, ScrambleWrapper.A, AdLoad
19.15%

The domain mobilitydata5.com has been seen to resolve to the following 6 IP addresses.

216.227.128.186
dl21.clickmein.com
February 4, 2016

199.115.115.14
February 4, 2016

199.115.115.13
February 4, 2016

192.240.114.2
dl17.clickmein.com
February 4, 2016

108.59.9.195
February 4, 2016

50.7.99.2
dl16.clickmein.com
February 4, 2016

File downloads found at URLs served by mobilitydata5.com.

3 / 68      (PUP)
http://mobilitydata5.com/.../count.php  (nsaa640.tmp)

1 / 68      (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_top4&rr=J&sct=AGR&sid=95A07D8A-D530-11E2-B4C6-C870F8A92900&civ=0&pac=  (icreinstall_nsc8443.tmp)

5 / 68      (PUP)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_&rr=J&sct=AGR&sid=95A07D8A-D530-11E2-B4C6-C870F8A92900&civ=0&pac=  (setup.exe)

11 / 68    (Adware)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=95A07D8A-D530-11E2-B4C6-C870F8A92900&civ=0&pac=  (icreinstall_nsb83f4.tmp)

15 / 68    (PUP)
http://mobilitydata5.com/.../dls.php?r=vu_vo2_SO&rr=C&sct=AGR&isnw=2&civ=1&pac=&gdp=&gda=&gdv=&pip=&pia=&piv=&pst=1426618673&sisn=1  (nso604c.tmp)

3 / 68      (PUP)
http://mobilitydata5.com/.../dl.php?r=vu_vo2_100&rr=R&sct=AGR&sid=60D9192C-2EEC-E111-8733-B05A8F547530&isnw=7&prd=1&civ=0&pac=AS&guidv=7  (setup.exe)

12 / 68    (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_SO01&rr=J&sct=AGR&sid=A3122A94-E62E-11E3-AE94-448A5B66490F&civ=0&pac=  (icreinstall_nsg8f51.tmp)

9 / 68      (PUP)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=A3122A94-E62E-11E3-AE94-448A5B66490F&civ=0&pac=  (nso18e.tmp)

8 / 68      (PUP)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4C4C4544-0042-5110-8057-B9C04F4C5031&civ=0&pac=  (nswe4.tmp)

7 / 68      (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_LOF1&rr=H&sct=AGR&sid=  (icreinstall_nsq9e70.tmp)

16 / 68    (PUP)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_BBN&rr=H&sct=AGR&sid=  (setup.exe)

25 / 68    (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_100&rr=H&sct=AGR&sid=  (setup.exe)

7 / 68      (PUP)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=34575120-1DD2-11B2-8000-8C3AF0D4EE3C&civ=0&pac=  (nsg4995.tmp)

1 / 68      (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_top4&rr=H&sct=AGR&sid=  (icreinstall_nsle38c.tmp)

17 / 68    (PUP)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_IMZ01&rr=H&sct=AGR&sid=  (nsj4004.tmp)

24 / 68    (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_AM01&rr=H&sct=AGR&sid=  (setup.exe)

6 / 68      (PUP)
http://mobilitydata5.com/.../zgm.php?sid=38476834  (nse5345.tmp)

1 / 68      (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_IMR1&rr=H&sct=AGR&sid=  (icreinstall_nsb6718.tmp)

9 / 68      (PUP)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=2468598B-0D1E-6191-0694-D02788776698&civ=0&pac=AS  (nsjbe58.tmp)

6 / 68      (PUP)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_SGW&rr=H&sct=AGR&sid=  (nsi7047.tmp)

15 / 68    (PUP)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_MON&rr=H&sct=AGR&sid=  (setup.exe)

1 / 68      (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_ICE&rr=H&sct=AGR&sid=  (icreinstall_nsp4c6c.tmp)

7 / 68      (PUP)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_100&rr=J&sct=AGR&sid=400A08F1-BADA-DE11-9F7A-A416C614312B&civ=0&pac=  (nsbe393.tmp)

11 / 68    (Adware)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=03000200-0400-0500-0006-000700080009&civ=0&pac=  (icreinstall_nsb83f4.tmp)

7 / 68      (PUP)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_SO&rr=J&sct=AGR&sid=A6CB4C80-430B-11E4-A41C-9AA8B9DB1600&civ=0&pac=  (nsj1ee.tmp)

11 / 68    (Adware)
http://mobilitydata5.com/.../dlgen.php?r=vu_vo2_&rr=J&sct=AGR&sid=A6CB4C80-430B-11E4-A41C-9AA8B9DB1600&civ=0&pac=  (icreinstall_nsoa7f5.tmp)

11 / 68    (Adware)
http://mobilitydata5.com/.../dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=33554741-B3E4-E211-A2CB-2089840CAF6D&civ=0&pac=  (icreinstall_nsb83f4.tmp)

The following 1270 files have been seen to comunicate with mobilitydata5.com in live environments.

TCP » 216.227.128.186:443
wdsrvwrapper.exe

TCP » 216.227.128.186:80
qnsl1e89.tmp

TCP » 216.227.128.186:443
kns4956.tmp

TCP » 216.227.128.186:443
pro83c2.tmp

TCP » 216.227.128.186:80
WebNotifier.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 216.227.128.186:80
kns71c8.tmp

TCP » 216.227.128.186:80
nspd4a0.tmp

TCP » 216.227.128.186:80
kns4956.tmp

TCP » 216.227.128.186:443
kns611f.tmp

TCP » 216.227.128.186:443
kns71c8.tmp

TCP » 216.227.128.186:443
kns3238.tmp

TCP » 216.227.128.186:80
beb3.tmp

TCP » 216.227.128.186:443
7fb98491-dfe4-4fc7-984c-6d8955740618.exe

TCP » 216.227.128.186:443
knsd5b2.tmp

TCP » 216.227.128.186:80
snsv9ba3.tmp

TCP » 216.227.128.186:80
snsvfffb.tmp

TCP » 216.227.128.186:443
kns264d.tmp

TCP » 216.227.128.186:443
asins.exe

TCP » 216.227.128.186:80
susrv.exe

TCP » 216.227.128.186:443
7iqkebw

 
Latest 20 of 1,376 files

URL:
http://mobilitydata5.com/

Google Analytics:
UA-21120979

Title:
“Download Servers”

Web server:
nginx/1.6.2

amazonaws.com

counter99.com

download-ap.com

download-servers.com

globalstorage1.com

livestatscounter.com

software-repository.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.