www.download-servers.com

Domain Privacy Service FBO Registrant.  (Proxy Registrant)

Domain Information

The domain www.download-servers.com is registered by proxy through DOMAIN.COM, LLC and was originally registered in December 2011. The domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are hosted in Chicago, Illinois, United States, on the FDCservers.net network.
Remove Malware from www.download-servers.com - Powered by Reason Core Security
Registrar:
DOMAIN.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Tuesday, December 20, 2011

Expires date:
Wednesday, December 20, 2017

Updated date:
Friday, November 21, 2014

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.ClickMeInLimited.Q, PUP.InstallCore.W, PUP.InstallCore (M), PUP.InstallCore.Bundler (M), PUP.installCore.ClickMeIn.Installer (M), PUP.installCore.Installer (M)
66.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
42.00%

ESET NOD32
Win32/InstallCore.PK potentially unwanted application, Win32/InstallCore.PO potentially unwanted application, Win32/InstallCore.OZ potentially unwanted application
40.00%

Dr.Web
Trojan.Packed.25266, Trojan.MulDrop5.10078, Adware.InstallCore.301, Trojan.DownLoad3.35967, Adware.Downware.5929
36.00%

Baidu Antivirus
Adware.Win32.InstallCore, Trojan.Win32.AnyProtect
34.00%

McAfee Web Gateway
Artemis!BBDFA672CFBF, BehavesLike.Win32.CryptInno.hc, BehavesLike.Win32.Backdoor.hc, RDN/Generic PUP.x!ccw, Artemis!A4D22AF87CAA
30.00%

McAfee
Artemis!BBDFA672CFBF, RDN/Generic PUP.x!cml, Artemis!5B66ED6AB753, RDN/Generic.bfr!ht, RDN/Generic.bfr!hk, RDN/Generic PUP.x!ccw, Artemis!D8F8F866D950, Artemis!ED6BDB799D37
22.00%

NANO AntiVirus
Riskware.Win32.InstallCore.dfgmni, Riskware.Win32.InstallCore.dfgmhc, Riskware.Win32.InstallCore.dgjqhu, Riskware.Win32.InstallCore.dfgooz
22.00%

F-Prot
W32/A-df0bbe51, W32/A-95939616, W32/A-d8e93021, W32/A-e3871acb, W32/A-fa569e41, W32/A-a5d79c65
20.00%

avast!
Win32:Dropper-gen [Drp], Malware-gen, Win32:Malware-gen
18.00%

ESET NOD32
Win32/InstallCore.NH, Win32/InstallCore.PL (variant), Win32/InstallCore.BG, Win32/InstallCore.PK (variant), Win32/InstallCore.PZ potentially unwanted (variant)
16.00%

Trend Micro House Call
Suspicious_GEN.F47V0702, TROJ_GEN.R02KH06JC14, TROJ_GEN.R0C1H06G514, TROJ_GEN.R047H06ED14, Suspicious_GEN.F47V1107, Suspicious_GEN.F47V0625
16.00%

G Data
Win32.Trojan.Agent.XDUVR2, Win32.Trojan.Agent.00L1MP, Win32.Application.AnyProtect, Win32.Trojan.Agent.P5JB79, NSIS.Application.AnyProtect
16.00%

AVG
Win.Threat.Medium, Adware InstallCore.ALX, Adware Generic_c
16.00%

SUPERAntiSpyware
PUP.InstallCore/Variant, Adware.Downware/Variant
14.00%

The domain www.download-servers.com has been seen to resolve to the following 22 IP addresses.


File downloads found at URLs served by www.download-servers.com.

1 / 68      (Adware)
http://www.download-servers.com/.../ClickMeInGeneric.exe  (60eaa4bb1a072aee32bfeb92a656f154)

 
Latest 30 of 149 download URLs

The following 167 files have been seen to communicate with www.download-servers.com in live environments.

 
Latest 20 of 218 files

URL:
http://www.download-servers.com/

Google Analytics:
UA-21120979

Title:
“Download Servers”

Web server:
nginx/1.8.0

Facebook:
Likes:  1
Shares:  4
Comments:  2

Statistics are for the previous month.
