www.download-office.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.download-office.com is registered by proxy through ENOM, INC. and was originally registered in May of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below).
Remove Malware from www.download-office.com - Powered by Reason Core Security
Registrar:
ENOM, INC.

Server location:
New York, United States (US)

Create date:
Tuesday, May 08, 2012

Expires date:
Monday, May 08, 2017

Updated date:
Thursday, June 11, 2015

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DownloadManager.M, PUP.Installer.DownloadManager.F, PUP.Air Software.DownloadManager.Bundler (M)
100.00%

Malwarebytes
PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller
83.33%

Dr.Web
Trojan.SMSSend.4790, Trojan.SMSSend.4902, Trojan.SMSSend.4979, Adware.Downware.1470
83.33%

VIPRE Antivirus
Iminent, AirInstaller
83.33%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
83.33%

K7 Gateway Antivirus
Unwanted-Program
66.67%

avast!
Win32:Malware-gen, Win32:PUP-gen [PUP], Win32:Installer-L [PUP]
66.67%

Avira AntiVirus
ADWARE/Adware.Gen, Adware/Airinstall.J
66.67%

AVG
BundleApp_r.D, Win.Threat.Medium
66.67%

ESET NOD32
Win32/AirAdInstaller (variant)
50.00%

K7 AntiVirus
Unwanted-Program , Adware
50.00%

Comodo Security
Application.Win32.AirAdInstaller.B, Application.Win32.Agent.AJ
50.00%

Sophos
AirInstaller
50.00%

ESET NOD32
Win32/AirAdInstaller.A potentially unwanted application
33.33%

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.AirInstaller
33.33%

The domain www.download-office.com has been seen to resolve to the following 5 IP addresses.

January 3, 2016

January 3, 2016

April 13, 2014

April 13, 2014

cf-199-27-135-100.cloudflare.com
March 3, 2014

File downloads found at URLs served by www.download-office.com.

32 / 68    (Adware)

32 / 68    (Adware)

1 / 68      (Adware)

14 / 68    (Adware)

11 / 68    (Adware)

7 / 68      (Adware)

The following file have been seen to comunicate with www.download-office.com in live environments.

URL:
http://www.download-office.com/

Title:
“Free Office Software: OfficeNow”

Description:
“#”

SSL certificate subject:
CN=ssl278878.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Shares:  1

Statistics are for the previous month.

Remove Malware from www.download-office.com - Powered by Reason Core Security