home

www.download-servers.com

Domain Privacy Service FBO Registrant.  (Proxy Registrant)

Domain Information

The domain www.download-servers.com is registered by proxy through DOMAIN.COM, LLC and was originally registered in December of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the FDCservers.net network.
Registrar:
DOMAIN.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Tuesday, December 20, 2011

Expires date:
Wednesday, December 20, 2017

Updated date:
Friday, November 21, 2014

Root domain:
download-servers.com

Whois:
3 download-servers.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.W, PUP.VOPackage.Installer.Meta, PUP.Somoto.SiteonSpot.Bundler (M), PUP.InstallCore (M), PUP.installCore.ClickMeIn.Installer (M), PUP.InstallCore.RE (M), PUP.Somoto.Installer (M), PUP.installCore.ClickMeI.Installer (M), PUP.installCore (M), PUP.Softpulse.PluginUp.Bundler (M), PUP.Amonitize.Installer, Win32.Generic
85.11%

ESET NOD32
Win32/InstallCore.PK potentially unwanted application, Win32/InstallCore.PO potentially unwanted application, Win32/InstallCore.AEO.gen potentially unwanted application, Win32/InstallCore.PL potentially unwanted application, Win32/InstallCore.BL potentially unwanted application
31.91%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Threat.4721115
21.28%

Dr.Web
Trojan.Packed.25266, Trojan.MulDrop5.10078, Trojan.Packed.28357, Trojan.InstallCore.1903
19.15%

Baidu Antivirus
Adware.Win32.InstallCore, Adware.Win32.Somoto
14.89%

G Data
Win32.Trojan.Agent.GP0QF1, Win32.Application.AnyProtect
12.77%

F-Prot
W32/A-e3871acb, W32/A-df0bbe51, W32/Sality.gen2
12.77%

AVG
AdLoad.S, Adware InstallCore.ALX, Win32/Sality
12.77%

avast!
Dropper-gen [Drp], Malware-gen, Win32:Malware-gen, Win32:Kukacka, Win32:SaliCode
10.64%

Avira AntiVirus
ADWARE/InstallCore.Gen7, PUA/InstallCore.Gen7
10.64%

Malwarebytes
PUP.Optional.Downloader, PUP.Optional.Somoto.SID.A, PUP.Optional.InstallCore
6.38%

Qihoo 360 Security
Win32/Trojan.Dropper.c9f, HEUR/QVM06.1.Malware.Gen, Win32/Virus.Downloader.912
6.38%

NANO AntiVirus
Riskware.Win32.InstallCore.dmkfnq, Trojan.Nsis.Downloader.dpxxrf, Riskware.Win32.InstallCore.dfgoud
6.38%

McAfee
RDN/Generic PUP.x!ckc, Artemis!79428D08D7F3
4.26%

K7 AntiVirus
Trojan
4.26%

The domain www.download-servers.com has been seen to resolve to the following 22 IP addresses.

199.115.115.13
May 5, 2015

108.59.9.203
May 5, 2015

108.59.9.195
May 5, 2015

199.115.115.14
May 5, 2015

50.7.74.170
dl18.clickmein.com
May 30, 2014

76.73.18.18
dl15.clickmein.com
May 30, 2014

192.240.97.58
dl13.clickmein.com
May 30, 2014

192.240.114.2
dl17.clickmein.com
May 30, 2014

50.7.133.50
dl12.clickmein.com
May 30, 2014

216.227.128.186
dl21.clickmein.com
May 30, 2014

50.7.101.42
dl14.clickmein.com
May 30, 2014

216.227.128.162
dl22.clickmein.com
May 30, 2014

50.7.74.18
dl23.clickmein.com
May 30, 2014

50.7.99.2
dl16.clickmein.com
May 30, 2014

50.7.55.178
dl8.clickmein.com
January 16, 2014

50.7.55.162
dl7.clickmein.com
January 16, 2014

174.37.16.89
dl1.clickmein.com
December 25, 2013

206.190.150.70
dl6.clickmein.com
December 25, 2013

173.193.214.228
dl5.clickmein.com
December 13, 2013

174.36.55.71
dl2.clickmein.com
December 13, 2013

173.193.202.79
dl4.clickmein.com
December 13, 2013

199.189.107.164
dl3.clickmein.com
December 13, 2013

File downloads found at URLs served by www.download-servers.com.

1 / 68      (inconclusive)
http://www.download-servers.com/.../VuuPC_setup.exe  (ac92a4215277da0d7c8dc6d874eda06a)

1 / 68      (PUP)
http://www.download-servers.com/.../dl.php?r=3_vu&rr=37  (setup.exe)

5 / 68      (PUP)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=C&sct=AGR&sid=03000200-0400-0500-0006-000700080009  (nsoee38.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=C&sct=AGR&sid=D6C7C3DF-B952-7A47-9BE1-047D7B540925  (icreinstall_nsh5c45.tmp)

5 / 68      (PUP)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SO&rr=C&sct=AGR&sid=D86D0FD4-5840-11E1-8C85-48A581DF0700  (setup.exe)

0 / 68
http://www.download-servers.com/.../dl.php?r=vu_vo2_SO&rr=UN&sct=AGR&sid=  (nsf615f.tmp)

19 / 68    (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_LOF1&rr=UN&sct=AGR&sid=  (bi.exe)

1 / 68      (PUP)
http://www.download-servers.com/.../dl.php?r=vu_vo2_LOF1&rr=C&sct=AGR&sid=ACB0A456-15BD-DF11-910F-88AE1DD7B79A&isnw=2  (nszf61d.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=S&sct=AGR&sid=5B754240-3858-11DE-ACE7-00248CDF6764  (icreinstall_nsn96b6.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=C&sct=AGR&sid=5B754240-3858-11DE-ACE7-00248CDF6764  (icreinstall_nsr7ec7.tmp)

8 / 68      (PUP)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=UN&sct=AGR&sid=  (nsmd054.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=C&sct=AGR&sid=00000000-0000-0000-0000-0021855D139C  (icreinstall_nso3922.tmp)

3 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=S&sct=AGR&sid=00000000-0000-0000-0000-0021855D139C  (icreinstall_nswf0c6.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=R&sct=AGR&sid=00000000-0000-0000-0000-0021855D139C  (icreinstall_nsk30f4.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_CP3&rr=R&sct=AGR  (icreinstall_nsq7f11.tmp)

0 / 68
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=R&sct=AGR&sid=7BA46526-FEAF-E311-98E7-201A06FCA720&isnw=2  (nsc2b.tmp)

18 / 68    (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=S&sct=AGR&sid=7BA46526-FEAF-E311-98E7-201A06FCA720&isnw=2  (icreinstall_nsife98.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../ClickMeInGeneric.exe  (96efb848ce28ba1834f8eb768170b77a)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SO&rr=R&sct=AGR&sid=DC8123E3-327B-C9F7-0580-001D60F39D4F  (icreinstall_nsb3775.tmp)

7 / 68      (Malware)
http://www.download-servers.com/.../Validate.exe  (602fcbd0fadbaee8007ad1f2e3e964d1)

6 / 68      (PUP)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=C&sct=AGR&sid=28E89430-DD2B-81E3-30CA-6002922DBB4E&isnw=2  (nste0ca.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=S&sct=AGR&sid=28E89430-DD2B-81E3-30CA-6002922DBB4E&isnw=2  (icreinstall_nsl8e77.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_100&rr=C&sct=AGR&sid=11E2B36E-E527-E211-A26E-B888E39930A3  (icreinstall_nsya6a8.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_LS123&rr=R&sct=AGR&sid=4C4C4544-0043-4D10-8038-B1C04F385331  (icreinstall_nsk6cf6.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=R&sct=AGR&sid=F369BFCC-E0D4-E211-B5A6-208984E12B78&isnw=2  (icreinstall_nsd1bc5.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=R&sct=AGR&sid=33444335-3632-5830-5A32-A45D3671228A  (icreinstall_nsfedcb.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_SOTO&rr=C&sct=AGR&sid=767ABF2B-B188-E549-2B17-0021CC529CEC  (icreinstall_nsjab9d.tmp)

1 / 68      (Adware)
http://www.download-servers.com/.../dl.php?r=vu_vo2_sp&rr=C&sct=AGR&sid=72CDC7A0-8EE7-11DF-8B90-20CF301F0AA2&isnw=2  (icreinstall_nshefd0.tmp)

2 / 68      (PUP)
http://www.download-servers.com/.../Generic_vo.exe  (a53bf11bb38d6a7431e6543d86c8f499)

0 / 68
http://www.download-servers.com/.../dl.php?r=vu_vo2_sp&rr=UN&sct=AGR&sid=  (nshb8a7.tmp)

 
Latest 30 of 1,699 download URLs

The following 1379 files have been seen to comunicate with www.download-servers.com in live environments.

TCP » 216.227.128.186:443
wdsrvwrapper.exe

TCP » 216.227.128.186:80
qnsl1e89.tmp

TCP » 216.227.128.186:443
kns4956.tmp

TCP » 216.227.128.186:443
pro83c2.tmp

TCP » 216.227.128.186:80
WebNotifier.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 216.227.128.186:80
kns71c8.tmp

TCP » 216.227.128.186:80
nspd4a0.tmp

TCP » 216.227.128.186:80
kns4956.tmp

TCP » 216.227.128.186:443
kns611f.tmp

TCP » 216.227.128.186:443
kns71c8.tmp

TCP » 216.227.128.186:443
kns3238.tmp

TCP » 216.227.128.186:80
beb3.tmp

TCP » 216.227.128.186:443
7fb98491-dfe4-4fc7-984c-6d8955740618.exe

TCP » 216.227.128.186:443
knsd5b2.tmp

TCP » 216.227.128.186:80
snsv9ba3.tmp

TCP » 216.227.128.186:80
snsvfffb.tmp

TCP » 216.227.128.186:443
kns264d.tmp

TCP » 216.227.128.186:443
asins.exe

TCP » 216.227.128.186:80
susrv.exe

TCP » 216.227.128.186:443
7iqkebw

 
Latest 20 of 1,532 files

URL:
http://www.download-servers.com/

Google Analytics:
UA-21120979

Title:
“Download Servers”

Web server:
nginx/1.8.0

Facebook:
Likes:  1
Shares:  4
Comments:  2

Statistics are for the previous month.

amazonaws.com

counter99.com

download-ap.com

globalstorage1.com

livestatscounter.com

mobilitydata5.com

software-repository.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.