The domain www.download-office.com is registered by proxy through ENOM, INC. and was originally registered in May of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below).
Registrant:
WHOISGUARD, INC.
Server location:
New York, United States (US)
Create date:
Tuesday, May 8, 2012
Expires date:
Monday, May 8, 2017
Updated date:
Thursday, June 11, 2015
ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.
Scanner detections:
Detections (95% detected)
Scan engine
Details
Detections
Reason Heuristics
PUP.Installer.DownloadManager.M, PUP.Installer.DownloadManager.F, PUP.Air Software.DownloadManager.Bundler (M), PUP.Air Software.Download.Bundler (M), PUP.Air Software (M)
100.00%
Malwarebytes
PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller
26.32%
Dr.Web
Trojan.SMSSend.4790, Trojan.SMSSend.4902, Trojan.SMSSend.4979, Adware.Downware.1470
26.32%
VIPRE Antivirus
Iminent, AirInstaller
26.32%
Rising Antivirus
PE:PUF.Airinstall!1.9C4C
26.32%
avast!
Win32:Malware-gen, Win32:PUP-gen [PUP], Win32:Installer-L [PUP]
21.05%
Avira AntiVirus
ADWARE/Adware.Gen, Adware/Airinstall.J
21.05%
AVG
BundleApp_r.D, Win.Threat.Medium
21.05%
ESET NOD32
Win32/AirAdInstaller (variant)
15.79%
K7 AntiVirus
Unwanted-Program , Adware
15.79%
Comodo Security
Application.Win32.AirAdInstaller.B, Application.Win32.Agent.AJ
15.79%
ESET NOD32
Win32/AirAdInstaller.A potentially unwanted application
10.53%
Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.AirInstaller
10.53%
Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.AirInstaller.4
10.53%
The domain www.download-office.com has been seen to resolve to the following 6 IP addresses.
cf-199-27-135-100.cloudflare.com
March 3, 2014
File downloads found at URLs served by www.download-office.com.
The following file have been seen to comunicate with www.download-office.com in live environments.
URL:
http://www.download-office.com/
Title:
“Free Office Software: OfficeNow”
SSL certificate subject:
CN=ssl278878.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Web server:
cloudflare-nginx
Statistics are for the previous month.