www.windows8downloads.com

WebSys, s.r.o.

Domain Information

The domain www.windows8downloads.com, registered by WebSys, s.r.o., was first registered in January 2010 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Bratislava, Slovakia, on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Bratislava, Slovakia (SK)

Create date:
Monday, January 11, 2010

Expires date:
Friday, January 11, 2019

Updated date:
Wednesday, December 04, 2013

ASN:
AS42005 LIGHTSTORM-COMMUNICATIONS-SRO-SK-AS LightStorm Communications s.r.o.

Scanner detections:
Detections  (85% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.ISfreemium.EE, PUP.Tightrope.Sanflex.Bundler (M), PUP.installCore.ISfreemium.Installer (M), PUP.InstallCore.ENG (M), PUP.installCore.ISfreemi.Installer (M), PUP.Tightrope.Download.Bundler (M), PUP.Tightrope.Zoobam.Bundler (M), PUP.Tightrope (M)
88.24%

F-Prot
W32/InstallCore.R.gen, W32/InstallCore.R4.gen, W32/InstallCore.R3.gen
58.82%

Dr.Web
Adware.InstallCore.124, Trojan.Packed.24524
52.94%

VIPRE Antivirus
InstallCore.b, Threat.4786018
47.06%

Trend Micro House Call
TROJ_GEN.F47V0726, TROJ_GEN.R0CBC0OLR13, TROJ_GEN.F47V0913, TROJ_GEN.R0CBH05JK13, Suspicious_GEN.F47V0105, TROJ_GEN.R0CBH05JF13
41.18%

McAfee Web Gateway
Artemis!1F0F5AC79C6A, BehavesLike.Win32.HLLP.tc, Artemis!40367B34B471, Artemis!F2773E906780, BehavesLike.Win32.CryptInno.tc
41.18%

ESET NOD32
Win32/InstallCore.CA.gen (variant), Win32/InstallCore.CH (variant), Win32/InstallCore (variant)
35.29%

McAfee
Artemis!1F0F5AC79C6A, Artemis!40367B34B471, Artemis!F2773E906780, Artemis!28D600DEE9FA, Artemis!24B9E5E2409D, Artemis!8594A56362D0
35.29%

Sophos
Install Core Click run software
35.29%

Avira AntiVirus
ADWARE/InstallCore.Gen7
35.29%

K7 AntiVirus
Unwanted-Program, Unwanted-Program
29.41%

Trend Micro
TROJ_GEN.R0CBC0OLR13, TROJ_GEN.R0CBC0EJP13, TROJ_GEN.R0CBC0OJK13, TROJ_GEN.R0CBC0OJE13, TROJ_GEN.R0CBC0OJN13
29.41%

Norman
InstallCore.RBUR, Gen:Variant.Strictor.102633
29.41%

ESET NOD32
Win32/InstallCore.D potentially unwanted application, Win32/Kryptik.BWJC trojan, Win32/InstallCore.CF potentially unwanted application
23.53%

Malwarebytes
PUP.Optional.Freemium.A
23.53%

The domain www.windows8downloads.com has been seen to resolve to the following 2 IP addresses.

206.237.240.92.in-addr.arpa.lightstorm.sk
January 29, 2014

July 26, 2013

File downloads found at URLs served by www.windows8downloads.com.

1 / 68      (Adware)

5 / 68      (Adware)
http://www.windows8downloads.com/.../windows8downloads_installer.exe  (pdf-to-word-converter-free-download_setup.exe)

1 / 68      (Adware)

1 / 68      (Adware)

18 / 68    (PUP)

7 / 68      (Adware)

14 / 68    (PUP)

19 / 68    (PUP)

4 / 68      (Adware)

31 / 68    (PUP)

17 / 68    (PUP)
http://www.windows8downloads.com/.../windows8downloads_installer.exe  (media-player-classic-homecinema-64-bit_setup.exe)

10 / 68    (Adware)

10 / 68    (Adware)

The following 3 files have been seen to communicate with www.windows8downloads.com in live environments.

URL:
http://www.windows8downloads.com/

Title:
“Windows 8 Downloads - free Windows 8 software downloads”

Description:
“Windows 8 Downloads - free Windows 8 software downloads - Free Windows8 Download”

SSL certificate subject:
CN=windows8downloads.com

SSL certificate issuer:
CN=Let's Encrypt Authority X1, O=Let's Encrypt, C=US

Web server:
Apache/2.2.15 (CentOS) (PHP/5.3.3)

Compete.com:
US visitors:  228,059

Statistics are for the previous month.