www.worthdownload.com

GoNameSales.com

Domain Information

The domain www.worthdownload.com registered by GoNameSales.com was initially registered in October of 2014 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Sankt Ingbert, Saarland within Germany which resides on the RIPE Network Coordination Centre network.
Remove Malware from www.worthdownload.com - Powered by Reason Core Security
Registrar:
GONAME-TN.COM, INC.

Server location:
Saarland, Germany (DE)

Create date:
Sunday, October 19, 2014

Expires date:
Monday, October 19, 2015

Updated date:
Sunday, October 19, 2014

ASN:
AS196763 KEY-SYSTEMS-AS Key-Systems GmbH,DE

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.ShetefSolutionsConsulting1998.?, PUP.Installer.ShetefSolutionsConsulting1998.v, PUP.Installer.Amonetizeltd.i, PUP.Installer.Amonetizeltd.V, PUP.Installer.Amonetizeltd.?
100.00%

Malwarebytes
PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize.A
100.00%

ESET NOD32
Win32/Amonetize (variant)
100.00%

Dr.Web
Adware.Downware.1575, Adware.Downware.1528
92.31%

Avira AntiVirus
ADWARE/Adware.Gen2
92.31%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud)
84.62%

McAfee
Artemis!53597284E965, Artemis!3492E93A345F, Artemis!17945562CC68, Artemis!CD1FFC3696D4, Artemis!A892424AD6E1, Artemis!2C3F79C3CEF5, Artemis!9026520E9EF5, Artemis!2A82B348D96C
69.23%

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent, Win32.Malware
69.23%

VIPRE Antivirus
Amonetize, Conduit
69.23%

McAfee Web Gateway
Artemis!53597284E965, Artemis!3492E93A345F, Artemis!CD1FFC3696D4, Artemis!A892424AD6E1, Artemis!2C3F79C3CEF5, Artemis!9026520E9EF5
61.54%

Trend Micro House Call
TROJ_GEN.F47V1203, TROJ_GEN.F47V1125, TROJ_GEN.F47V1017, TROJ_GEN.F47V1011, TROJ_GEN.F47V1103, TROJ_GEN.F47V1105, TROJ_GEN.F47V1114
61.54%

avast!
Win32:Dropper-gen [Drp], Win32:Rootkit-gen [Rtk], Win32:Malware-gen, Win32:Amonetize-R [PUP], Win32:Amonetize-Q [PUP]
53.85%

Sophos
Generic PUA EN, Amonetize
53.85%

G Data
Win32.Trojan.Agent.V3ANE4, Win32.Trojan.Agent.OXERD6, Win32.Trojan.Agent.3F5QSY, Win32.Application.Amonetize, Gen:Variant.Application.Bundler.Amonetize.10
46.15%

Comodo Security
ApplicUnwnt
46.15%

The domain www.worthdownload.com has been seen to resolve to the following 15 IP addresses.

custip-2072.sedoparking.com
May 3, 2015

December 1, 2014

September 5, 2014

ns1.expirationwarning.net
September 4, 2014

209.222.14.3.choopa.net
September 2, 2014

ec2-50-17-209-45.compute-1.amazonaws.com
May 30, 2014

ec2-107-20-210-63.compute-1.amazonaws.com
May 30, 2014

ec2-23-21-228-251.compute-1.amazonaws.com
May 30, 2014

ec2-50-17-206-16.compute-1.amazonaws.com
May 30, 2014

ec2-54-235-68-127.compute-1.amazonaws.com
April 11, 2014

ec2-107-21-115-114.compute-1.amazonaws.com
April 11, 2014

ec2-54-235-189-159.compute-1.amazonaws.com
April 4, 2014

ec2-54-225-132-130.compute-1.amazonaws.com
March 14, 2014

ec2-23-23-96-46.compute-1.amazonaws.com
February 2, 2014

ec2-54-225-181-84.compute-1.amazonaws.com
February 2, 2014

File downloads found at URLs served by www.worthdownload.com.

 
Latest 30 of 146 download URLs

The following 21 files have been seen to comunicate with www.worthdownload.com in live environments.

 
Latest 20 of 22 files

URL:
http://www.worthdownload.com/

Title:
“worthdownload.com - This website is for sale! - worthdownload Resources and Information.”

Title (8/1/2014):
“ERRP | Expired Registration Recovery Policy”

Title (12/1/2014):
“worthdownload.com”

Description:
“This website is for sale! worthdownload.com is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, worthdownload.com has it all. We hope you find what you a...”

Web server:
nginx (PHP/5.3.3-7+squeeze25)

Remove Malware from www.worthdownload.com - Powered by Reason Core Security