home

download-core.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain download-core.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Tuesday, July 15, 2014

Expires date:
Wednesday, July 15, 2015

Updated date:
Tuesday, July 15, 2014

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Whois:
1 download-core.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.InformationTechnologySystems.DD, PUP.Installer.InformationTechnologySystemsdoo.R, PUP.Installer.InformationTechnologySystems.R, PUP.installCore.Informat.Installer (M), PUP.InstallCore (L)
92.86%

K7 AntiVirus
Trojan , Unwanted-Program
78.57%

AVG
Generic
78.57%

VIPRE Antivirus
Threat.4150696, Threat.4786018, Trojan.Win32.Generic
78.57%

Dr.Web
Trojan.Packed.28409, Trojan.MulDrop5.38104, Trojan.Packed.28587
71.43%

Malwarebytes
PUP.Optional.Downloader, PUP.Optional.InfoTech
71.43%

Avira AntiVirus
ADWARE/InstallCore.Gen9, Adware/InstallCore.aaa
71.43%

ESET NOD32
Win32/InstallCore.PX potentially unwanted application, Win32/InstallCore.QL potentially unwanted application, Win32/InstallCore.PZ potentially unwanted application
71.43%

SUPERAntiSpyware
PUP.InstallCore/Variant
64.29%

F-Prot
W32/InstallCore.AC.gen
64.29%

McAfee
Trojan.Artemis!460ECEB35134, Trojan.Artemis!37216996A8AB
64.29%

herdProtect (fuzzy)
a variant of 4b301a2d05aa6ac48d368c206e025586d6bddef9, a variant of 2033fcc0e96c427d120e7d2b8d82c70a4bd46d3f, a variant of c06e6eef87591455812afb0d970f16bec4b5aaa7
42.86%

NANO AntiVirus
Riskware.Win32.InstallCore.dfgool, Riskware.Win32.InstallCore.dfgmnf, Riskware.Win32.InstallCore.dfgmcg, Riskware.Text.Drop.deckwp
28.57%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
21.43%

Sophos
Install Core Click run software, PUA 'Install Core Click run software'
14.29%

The domain download-core.com has been seen to resolve to the following 2 IP addresses.

50.63.202.56
ip-50-63-202-56.ip.secureserver.net
October 24, 2014

207.244.83.46
August 16, 2014

File downloads found at URLs served by download-core.com.

1 / 68      (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=63&lp_id=9&v=ico&dist_id=110&channel=adc_debjava1&src=adc&pbsid=1407032825857_1407032774668_110_526_86727606_1  (java_runtime_enviroment_setup.exe)

1 / 68      (PUP)
http://download-core.com/.../download.php?site_id=206&app_id=63&lp_id=101&v=&dist_id=114&channel=adcbanner97&src=adc&pbsid=1406462285572_1406462247033_105_377_128388383_1  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=63&lp_id=9&v=ico&dist_id=110&channel=adc_debjava1&src=adc&pbsid=1407203767557_1407200314743_114_525_674640_1  (java_runtime_enviroment_setup.exe)

17 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=92&v=&dist_id=109&channel=adcgb02&src=adc&pbsid=1406632834336_1406632789549_103_10687_79130151_1  (adobe_flash_setup.exe)

14 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=278&v=ico&dist_id=109&channel=adcgb01&src=adc&pbsid=1406908184105_1406907807055_120_3795_21143739_1  (adobe_flash_setup.exe)

13 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=63&lp_id=100&v=ico&dist_id=110&channel=adc_debjava1&src=adc&pbsid=1407189659150_1407189651700_112_1485_69839515_1  (java_runtime_enviroment_setup.exe)

9 / 68      (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=272&v=ico&dist_id=109&channel=adcgb01&src=adc&pbsid=1407256579690_1407256577735_114_476_24227094_1  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=274&v=ico&dist_id=109&channel=adcgb01&src=adc&pbsid=1407009985230_1407009972847_115_612_78118619_1  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=274&v=ico&dist_id=109&channel=adcgb01&src=adc&pbsid=1407009638362_1407009630508_113_13982_77399161_1  (adobe_flash_setup.exe)

10 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=274&v=ico&dist_id=106&channel=adcfl2&src=adc&pbsid=1407044914415_1407044913384_119_340_90645760_1  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=107&v=ico&dist_id=109&channel=adcgb02&src=adc&pbsid=1406740070642_1406739967621_121_433_97808241_1  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=1&lp_id=205&v=ico&dist_id=142&channel=adcsuk&src=adc&pbsid=1406843126739_1406843094747_101_688_4997143_1  (skype_setup.exe)

8 / 68      (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=4&lp_id=107&v=ico&dist_id=109&channel=adcgb02&src=adc&pbsid=1406740070642_1406739967621_121_433_97808241_1  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://download-core.com/.../download.php?site_id=206&app_id=63&lp_id=198&v=ico&dist_id=114&channel=adcbanner97&src=adc&pbsid=1407185989659_1407185961728_112_1354_69197431_1  (java_runtime_enviroment_setup.exe)

The following 51 files have been seen to comunicate with download-core.com in live environments.

TCP » 50.63.202.56:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 50.63.202.56:80
shoppy-up.2.7-codedownloader.exe (Shoppy-Up.2.7 by Winportal)

TCP » 50.63.202.56:80
20b9a285-202b-40f5-8dca-bdb3fa127f47-7.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
20b9a285-202b-40f5-8dca-bdb3fa127f47-11.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
476e068a-388e-4ec9-8130-3bcf1039e788-11.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
bfa0d68f.exe (Client Server Runtime Process by Microsoft)

TCP » 50.63.202.56:80
20b9a285-202b-40f5-8dca-bdb3fa127f47-2.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
object browser-codedownloader.exe (Object Browser by ObjectB)

TCP » 50.63.202.56:80
i - cinema-codedownloader.exe (I - Cinema by DiscountFrenzy)

TCP » 50.63.202.56:80
{blocked}.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
online-guardian-v2.0.9.exe

TCP » 50.63.202.56:80
onlineguardian-v2.exe

TCP » 50.63.202.56:80
i - cinema-codedownloader.exe (I - Cinema by DiscountFrenzy)

TCP » 50.63.202.56:80
1575e8da-840a-43cb-99a1-fcbd9b37a9a2-6.exe (GoHD by InstallMoon)

TCP » 50.63.202.56:80
plushd-v1.9-nova.exe (PlusHD-V1.9 by PlusHDv1.9)

TCP » 50.63.202.56:80
3eafbf32-2904-4ab6-b67f-f546973d4e16-6.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
41bfed2b-92ad-4ce6-aae1-acabe0b6cfc5-7.exe (SavePass 1.1 by OB)

TCP » 50.63.202.56:80
dhpdgxl.exe (TornPlusTV_version1.11 by Qwerty)

TCP » 50.63.202.56:25
folkanjekyrw.exe

TCP » 50.63.202.56:80
13a8a803-9afb-449a-a365-c3bd7b81e33f-5.exe (iWebar by Webby)

 
Latest 20 of 52 files

URL:
http://download-core.com/

Title:
“Download Core - Free Software Downloads”

Description:
“Download free software. Safe and 100% virus-free. Software downloads, tutorials, and much more. The website created to help you enjoy the best software.”

Web server:
nginx/1.2.1 (PHP/5.4.4-14+deb7u12)

best-software.co

ex-soft.net

mango-download.com

soft53.net

soft74.co

sveskasoft.info

sveskasoft.org

ybssoft.com

0112life.info

0120e.info

0120h.info

0134j.info

1000classicgames.com

buildwebmaster.info

ddllpmedia902.info

down6768.org

download2desktop.com

downloadcobra.com

faddmr.com

file15desktop.com

foxarc.com

freesoftwaren.com

gamezooks.com

getfastddl.com

getweb1000.info

importantbestfiles.com

jsunstewart.com

limexgames.net

newplayshop.com

nkprods.com

30 of 41 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.