www.minecraftdl.com

Ittikorn Saengchuenthanom

Domain Information

Minecraft DL is a Minecraft web site (not at all affiliated with the real Minecraft) that bundles unwanted malware/adware in its download manager. This malware is inserted by WebPick Internet Holdings and utilizes the company's InstalleRex platfom using the JustPlugIt toolbar extensions along with other potentially unwanted offers. In addition the download manager provides minimal user consent to opt-out of the offers. The domain www.minecraftdl.com registered by Ittikorn Saengchuenthanom was initially registered in April of 2011 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Mountain View, California within the United States which resides on the Google Inc. network.
Remove Malware from www.minecraftdl.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
California, United States (US)

Create date:
Friday, April 15, 2011

Expires date:
Thursday, April 15, 2021

Updated date:
Wednesday, October 29, 2014

ASN:
AS15169 GOOGLE - Google Inc.

Root domain:

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer.R, Adware.WebPick.Installer.Q, PUP.OlehAleksyuk.R, PUP.OlehAleksyuk.Q, Threat.Win.Reputation.IMP, PUP.EdwardKosar, Adware.WebPick.Installer (M), PUP.WebPick.ItzhakShternberg (M), PUP.OlehAleksyuk (M)
78.72%

avast!
Win32:InstalleRex-CK [PUP], Win32:MultiPlug-HL [PUP], Win32:InstalleRex-CG [PUP], Win32:InstalleRex-BI [PUP], Win32:MultiPlug-JU [PUP], Win32:MultiPlug-ND [PUP], Win32:Agent-AYLT [PUP]
76.60%

McAfee
PUP-FMK, MultiPlug-FQV, PUP-FHQ, MultiPlug-FRO, MultiPlug-FPF, MultiPlug-FSS, MultiPlug-FTG, Program.MultiPlug-FTA, Program.PUP-FMK, Program.MultiPlug-FQV
76.60%

Kaspersky
Trojan.Win32.AntiFW, not-a-virus:AdWare.Win32.MultiPlug, not-a-virus:Downloader.Win32.AdLoad, HEUR:Trojan.Win32.Generic
72.34%

Dr.Web
Trojan.WebPick.2759, Trojan.WebPick.2735, Trojan.WebPick.29, Trojan.DownLoader11.38601, Trojan.WebPick.2452, Trojan.Crossrider.36840, Trojan.Crossrider.38004
70.21%

K7 Gateway Antivirus
Unwanted-Program , Trojan
70.21%

K7 AntiVirus
Unwanted-Program , Trojan
70.21%

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot, Riskware.Win32.MultiPlug.dgfylp, Riskware.Win32.MultiPlug.dfjscb, Riskware.Win32.MultiPlug.decasb
70.21%

Comodo Security
Application.Win32.InstalleRex.KG, Application.Win32.MultiPlug.PNU, Application.Win32.Multiplug.CT, Application.Win32.AdWare.MultiPlug.VA
70.21%

ESET NOD32
Win32/InstalleRex.M potentially unwanted application, Win32/AdWare.MultiPlug.CN application, Win32/AdWare.MultiPlug.BS application
68.09%

AVG
Generic, Adware Generic_r.UH, InstallRex, Adware Generic_r.VD, Adware Generic5.BRME, Adware Generic5.BGPZ, Adware Generic_r.WW
68.09%

McAfee Web Gateway
PUP-FMK, BehavesLike.Win32.Trojan.bc, BehavesLike.Win32.Downloader.fc, BehavesLike.Win32.ArcadeWeb.cc, BehavesLike.Win32.Backdoor.cc
65.96%

Sophos
InstallRex, MultiPlug, PUA 'MultiPlug' (of type Adware), PUA 'InstallRex'
65.96%

Malwarebytes
PUP.Optional.InstalRex, PUP.Optional.InstalleRex, PUP.Optional.MultiPlug, PUP.Optional.MultiPlug.A, PUP.Optional.Installrex
63.83%

Avira AntiVirus
Adware/InstallRex.A.3, Adware/MPlug.yvz, TR/Kazy.324119.42, Adware/InstallRex.4, ADWARE/MultiPlug.Gen7, Adware/InstallRex.fgw
63.83%

The domain www.minecraftdl.com has been seen to resolve to the following 7 IP addresses.

January 29, 2016

host2.minecraftdl.com
August 11, 2015

qa-in-f121.1e100.net
June 9, 2014

qc-in-f121.1e100.net
May 23, 2014

April 16, 2014

qh-in-f121.1e100.net
March 27, 2014

qg-in-f121.1e100.net
February 14, 2014

File downloads found at URLs served by www.minecraftdl.com.

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

13 / 68    (Adware)

13 / 68    (Adware)

13 / 68    (Adware)

37 / 68    (Adware)

28 / 68    (Adware)

37 / 68    (Adware)

37 / 68    (Adware)

 
Latest 30 of 132 download URLs

The following 20 files have been seen to comunicate with www.minecraftdl.com in live environments.

 
Latest 20 of 20 files

URL:
http://www.minecraftdl.com/

Google Analytics:
UA-3773095

Title:
“Minecraft Mods Texture Packs Download Skins Maps”

Description:
“Minecraft is the fastest growing Java game in the Internet history. We offers you minecraft skins, maps, mods, texture packs and much more.”

Web server:
nginx

Remove Malware from www.minecraftdl.com - Powered by Reason Core Security