www.socksharedownloader.com

NameFind LLC

Domain Information

The domain www.socksharedownloader.com registered by NameFind LLC was initially registered in November of 2012 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Thursday, November 15, 2012

Expires date:
Tuesday, November 15, 2016

Updated date:
Friday, April 08, 2016

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallLabltd.u, PUP.CoolMirage.e, PUP.CoolMirage.S, PUP.CoolMirageltd.EE, PUP.CoolMirage.Installer, PUP.CoolMirage.Installer (M)
95.00%

Dr.Web
Adware.Yontoo.11, Adware.Downware.1263, Adware.Downware.902, Trojan.Yontoo.3993
30.00%

McAfee
Artemis!12C58D4249CA, Artemis!3056E0E13991, Adware-SweetIM, Program.Artemis!4B26755A38DF, Program.Adware-SweetIM
25.00%

Malwarebytes
PUP.Optional.OneClickDownloader.A, PUP.BundleInstaller.DW
25.00%

VIPRE Antivirus
Conduit, CoolMirage Ltd, Threat.4784938, Threat.4791953
25.00%

Sophos
CoolMirage, FT Downloader, PUA 'CoolMirage'
25.00%

McAfee Web Gateway
Artemis!12C58D4249CA, Artemis!3056E0E13991, BehavesLike.Win32.AdwareSweet.dc, BehavesLike.Win32.AdwareSweet.gc
20.00%

Panda Antivirus
PUP/MultiToolbar.A
15.00%

avast!
Downloader-TPG [PUP], Oneclick-I [PUP], Win32:Oneclick-I [PUP]
15.00%

ESET NOD32
Win32/Adware.1ClickDownload.AM application, Win32/AdWare.1ClickDownload.AT application, Win32/Adware.1ClickDownload.AX application
15.00%

G Data
NSIS.Adware.OneClickDownloader, Gen:Application.Bundler.DefaultTab
10.00%

Qihoo 360 Security
Win32/Virus.Adware.47b
10.00%

K7 AntiVirus
Adware
10.00%

K7 Gateway Antivirus
Adware
10.00%

NANO AntiVirus
Trojan.Script.Downware.cujzax, Riskware.Nsis.Downware.czyjkl
10.00%

The domain www.socksharedownloader.com has been seen to resolve to the following 7 IP addresses.

April 9, 2016

February 11, 2016

ip-50-63-202-34.ip.secureserver.net
December 26, 2015

ec2-176-34-107-151.eu-west-1.compute.amazonaws.com
June 19, 2015

ec2-54-241-253-59.us-west-1.compute.amazonaws.com
September 13, 2014

ec2-50-18-174-205.us-west-1.compute.amazonaws.com
May 1, 2014

ec2-184-169-175-49.us-west-1.compute.amazonaws.com
April 13, 2014

File downloads found at URLs served by www.socksharedownloader.com.

1 / 68      (Adware)
http://www.socksharedownloader.com/.../Extraction.2014.HDRip.HebSub.XviD-Eliran_Gozlan-.avi.exe  (machine.gun.preacher.2011.readnfo.dvdrip.xvid-bida_hebsub_tamitos_www.nako.me.avi.exe)

9 / 68      (PUP)

10 / 68    (Adware)

1 / 68      (Adware)

10 / 68    (Adware)

6 / 68      (Adware)

The following 14 files have been seen to comunicate with www.socksharedownloader.com in live environments.

URL:
http://www.socksharedownloader.com/

Title:
“socksharedownloader.com”

Web server:
Apache