dl.addonupdater.com

RAN AROUSSI

Domain Information

The domain dl.addonupdater.com, registered by RAN AROUSSI, was initially registered in April of 2013 through ENOM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in London, England, United Kingdom, on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
England, United Kingdom (GB)

Create date:
Sunday, April 21, 2013

Expires date:
Thursday, April 21, 2016

Updated date:
Sunday, March 22, 2015

ASN:
AS17025 ABOVENET-CUSTOMER - Abovenet Communications, Inc,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Trend Micro House Call
TROJ_GEN.R0C1H05AD14, TROJ_GEN.F47V1018, TROJ_GEN.F47V0205, TROJ_GEN.R0CBC0OE514, TROJ_GEN.R0CBC0OJ914, TROJ_GE.43B54569
66.67%

McAfee
Artemis!1F9787AD3923, Artemis!2BF68054B40F, Artemis!0A7133B806FD, Artemis!53AFF83252FD, Artemis!C6D963C250F5
55.56%

Malwarebytes
PUP.Optional.BesttoolBars
55.56%

VIPRE Antivirus
Besttoolbars
55.56%

Baidu Antivirus
Adware.Win64.Besttoolbars, Adware.Win32.Besttoolbars, PUA.Win32.Besttoolbars
55.56%

ESET NOD32
Win32/Toolbar.Besttoolbars (variant), Win32/Toolbar.Besttoolbars.I potentially unwanted (variant)
55.56%

Dr.Web
Adware.Plugin.115, Adware.Plugin.169, Adware.Plugin.349
44.44%

Reason Heuristics
PUP.PurpleTechSoftware.O, PUP.Performersoft.WeCodeGood.Bundler (M), PUP.Performersoft.Bundler
44.44%

K7 AntiVirus
Trojan
44.44%

Norman
Suspicious_Gen4.FTGIS, Suspicious_Gen4.FTAJF, Suspicious_Gen4.FSZFA
33.33%

G Data
Win32.Trojan.Agent.80M906, Win32.Trojan.Agent.1R9XPS, Win32.Application.Agent.7QON6D
33.33%

NANO AntiVirus
Trojan.Win32.Brantall.dbetup, Riskware.Win32.Plugin.dgderv
33.33%

Agnitum Outpost
PUA.Toolbar.Besttoolbars
33.33%

Sophos
Generic PUA MJ, Generic PUA EM, Generic PUA KE
33.33%

avast!
Win32:Malware-gen
22.22%

The domain dl.addonupdater.com has been seen to resolve to the following 5 IP addresses.

August 28, 2016

July 6, 2016

May 27, 2016

94.31.29.96.IPYX-077437-ZYO.above.net
February 28, 2016

April 17, 2015

File downloads found at URLs served by dl.addonupdater.com.

1 / 68      (Adware)
https://dl.addonupdater.com/.../statuswinks.exe  (5ef3fe826017e2d8f43a96500dbce8d5)

1 / 68      (Adware)
https://dl.addonupdater.com/.../pluswinks.exe  (176f4b7ba3bf99c2da640604124fc521)

14 / 68    (PUP)
https://dl.addonupdater.com/revjs/.../7go.exe  (c6d963c250f5a658fbe2f043689dd287)

16 / 68    (PUP)
https://dl.addonupdater.com/revjs/.../zulagames.exe  (53aff83252fd9fb7b2353afd6b782304)

17 / 68    (PUP)

7 / 68      (PUP)
https://dl.addonupdater.com/revjs/.../speedanalysis02.exe  (2bf68054b40f0793e6d7817c01644165)

1 / 68      (Adware)
https://dl.addonupdater.com/.../statuswinks.exe  (5a59d76294366885844e630133c91041)

9 / 68      (PUP)
https://dl.addonupdater.com/revjs/.../specialsavings.exe  (1f9787ad3923c52776ea6f06c8279b0b)

3 / 68      (Adware)
https://dl.addonupdater.com/.../specialsavings.exe  (c560e234abc1c44141852ec460d7830b)

The following 91 files have been seen to communicate with dl.addonupdater.com in live environments.

 
Latest 20 of 101 files

URL:
http://dl.addonupdater.com/

Web server:
NetDNA-cache/2.2