home

www.upstaradown.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.upstaradown.com is registered by proxy through ENOM, INC. and was originally registered in May of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Miami Beach, Florida within the United States which resides on the Krypt Technologies network.
Registrar:
ENOM, INC.

Server location:
Florida, United States (US)

Create date:
Tuesday, May 6, 2014

Expires date:
Wednesday, May 6, 2015

Updated date:
Tuesday, May 6, 2014

ASN:
AS35908 VPLSNET - Krypt Technologies,US

Root domain:
upstaradown.com

Whois:
1 upstaradown.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ClovermediaSL.E, PUP.PaymentsInteractiveSL.E, PUP.Tuguu.Clovermedia.Bundler (M), PUP.Tuguu.Payments.Bundler (M), PUP.Tuguu.Cloverme.Bundler (M), PUP.Tuguu.Bundler, PUP.Tuguu (M)
100.00%

MicroWorld eScan
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler.DomaIQ.8, Gen:Variant.Application.Bundler.DomaIQ.7
23.08%

McAfee
PUP-FJS!D8F20B08BE1A, PUP-FJV!1292BD0B45DB, PUP-FJV!30536FBB2EDB, PUP-FJV!410EDFC077AE, PUP-FJV!856CD5EB1CF7, PUP-FJV!B7C73AFE167C
23.08%

Malwarebytes
PUP.Optional.DomaIQ, PUP.Optional.BundleInstaller.A, PUP.Optional.Domalq
23.08%

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ, not-a-virus:AdWare.Win32.Lollipop
23.08%

Bitdefender
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler.DomaIQ.8, Gen:Variant.Application.Bundler.DomaIQ.7
23.08%

Agnitum Outpost
PUA.Lollipop, PUA.DomaIQ
23.08%

F-Secure
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler
23.08%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, DomaIQ
23.08%

Avira AntiVirus
APPL/DomaIQ.Gen, Adware/Strictor.55983
23.08%

Sophos
DomainIQ pay-per install, Generic PUA KD, Generic PUA FN, Generic PUA JB
23.08%

G Data
Gen:Variant.Adware.Kazy.374465, Gen:Variant.Application.Bundler.DomaIQ
23.08%

Panda Antivirus
Trj/Genetic.gen, PUP/MultiToolbar.A
23.08%

AVG
DomaIQ_r.K, Win.Threat.Medium, Adware DomaIQ.DI
23.08%

Lavasoft Ad-Aware
Gen:Variant.Adware.Symmi.41510, Gen:Variant.Application.Bundler.DomaIQ.7, Gen:Variant.Application.Bundler.DomaIQ.8, Gen:Variant.Kazy.380151
20.51%

The domain www.upstaradown.com has been seen to resolve to the following 2 IP addresses.

199.59.166.109
May 13, 2014

174.139.115.118
www.krypt.com
May 10, 2014

File downloads found at URLs served by www.upstaradown.com.

1 / 68      (Adware)
http://www.upstaradown.com/.../Java.exe  (9e055c74d0fc344d63db52b2ed68f033)

URL:
http://www.upstaradown.com/

Google Analytics:
UA-69192

Title:
“upstaradown.com - Registered at Namecheap.com”

Web server:
nginx (ASP.NET,ARR/2.5,ASP.NET) (Version: 4.0.30319)

2014officialversion.com

aabedo.com

abcodoe.com

aboede.com

agorainfote.ch

bestversiong.com

dokjdfh.com

doncmling.com

fandxine.com

fix-my-errors.com

getdownloadsnow.com

icoresoftware.com

inncdn.com

iwgrft.biz

kandouing.com

maxdocumentsitefun.info

namecheap.com

officending.com

procloudstorage.com

quicktrkr.com

sgurdin.com

simplekb.com

tdsm.org

topcoolidea.com

trusturl.us

updaaed.com

update95.com

updownday.com

updownding.com

updowntot.com

30 of 36 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.