home

dl.addonupdater.com

RAN AROUSSI

Domain Information

The domain dl.addonupdater.com registered by RAN AROUSSI was initially registered in April of 2013 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in London, England within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
England, United Kingdom (GB)

Create date:
Sunday, April 21, 2013

Expires date:
Thursday, April 21, 2016

Updated date:
Sunday, March 22, 2015

ASN:
AS17025 ABOVENET-CUSTOMER - Abovenet Communications, Inc,US

Root domain:
addonupdater.com

Whois:
1 addonupdater.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Trend Micro House Call
TROJ_GEN.R0C1H05AD14, TROJ_GEN.F47V1018, TROJ_GEN.F47V0205, TROJ_GEN.R0CBC0OE514, TROJ_GEN.R0CBC0OJ914, TROJ_GE.43B54569
66.67%

McAfee
Artemis!1F9787AD3923, Artemis!2BF68054B40F, Artemis!0A7133B806FD, Artemis!53AFF83252FD, Artemis!C6D963C250F5
55.56%

Malwarebytes
PUP.Optional.BesttoolBars
55.56%

VIPRE Antivirus
Besttoolbars
55.56%

Baidu Antivirus
Adware.Win64.Besttoolbars, Adware.Win32.Besttoolbars, PUA.Win32.Besttoolbars
55.56%

ESET NOD32
Win32/Toolbar.Besttoolbars (variant), Win32/Toolbar.Besttoolbars.I potentially unwanted (variant)
55.56%

Dr.Web
Adware.Plugin.115, Adware.Plugin.169, Adware.Plugin.349
44.44%

Reason Heuristics
PUP.PurpleTechSoftware.O, PUP.Performersoft.WeCodeGood.Bundler (M), PUP.Performersoft.Bundler
44.44%

K7 AntiVirus
Trojan
44.44%

Norman
Suspicious_Gen4.FTGIS, Suspicious_Gen4.FTAJF, Suspicious_Gen4.FSZFA
33.33%

G Data
Win32.Trojan.Agent.80M906, Win32.Trojan.Agent.1R9XPS, Win32.Application.Agent.7QON6D
33.33%

NANO AntiVirus
Trojan.Win32.Brantall.dbetup, Riskware.Win32.Plugin.dgderv
33.33%

Agnitum Outpost
PUA.Toolbar.Besttoolbars
33.33%

Sophos
Generic PUA MJ, Generic PUA EM, Generic PUA KE
33.33%

avast!
Win32:Malware-gen
22.22%

The domain dl.addonupdater.com has been seen to resolve to the following 5 IP addresses.

109.201.135.34
.
August 28, 2016

158.69.145.49
July 6, 2016

98.124.243.38
May 27, 2016

94.31.29.96
94.31.29.96.IPYX-077437-ZYO.above.net
February 28, 2016

108.161.189.9
April 17, 2015

File downloads found at URLs served by dl.addonupdater.com.

1 / 68      (Adware)
https://dl.addonupdater.com/.../statuswinks.exe  (5ef3fe826017e2d8f43a96500dbce8d5)

1 / 68      (Adware)
https://dl.addonupdater.com/.../pluswinks.exe  (176f4b7ba3bf99c2da640604124fc521)

14 / 68    (PUP)
https://dl.addonupdater.com/revjs/.../7go.exe  (c6d963c250f5a658fbe2f043689dd287)

16 / 68    (PUP)
https://dl.addonupdater.com/revjs/.../zulagames.exe  (53aff83252fd9fb7b2353afd6b782304)

17 / 68    (PUP)
https://dl.addonupdater.com/revjs/.../speedtestanalysis.exe  (0a7133b806fdc47c7c03454ad394247d)

7 / 68      (PUP)
https://dl.addonupdater.com/revjs/.../speedanalysis02.exe  (2bf68054b40f0793e6d7817c01644165)

1 / 68      (Adware)
https://dl.addonupdater.com/.../statuswinks.exe  (5a59d76294366885844e630133c91041)

9 / 68      (PUP)
https://dl.addonupdater.com/revjs/.../specialsavings.exe  (1f9787ad3923c52776ea6f06c8279b0b)

3 / 68      (Adware)
https://dl.addonupdater.com/.../specialsavings.exe  (c560e234abc1c44141852ec460d7830b)

The following 91 files have been seen to comunicate with dl.addonupdater.com in live environments.

TCP » 94.31.29.96:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.31.29.96:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.31.29.96:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.31.29.96:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.31.29.96:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 94.31.29.96:443
online-guardian.exe

TCP » 94.31.29.96:443
browser.exe (speed browser by Fast Applications)

TCP » 94.31.29.96:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.31.29.96:80
crossbrowse.exe (Crossbrowse)

TCP » 94.31.29.96:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 94.31.29.96:443
online-guardian-v2.exe

TCP » 94.31.29.96:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 94.31.29.96:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 94.31.29.96:80
snakeclassics.exe (by GamesPub)

TCP » 94.31.29.96:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 94.31.29.96:80
apptrailers.exe

TCP » 94.31.29.96:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 94.31.29.96:80
jingling.exe

TCP » 94.31.29.96:80
bricksbreakingii.exe (by GamesPub)

TCP » 94.31.29.96:443
onlineguardian-v2.exe

 
Latest 20 of 101 files

URL:
http://dl.addonupdater.com/

Web server:
NetDNA-cache/2.2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.