dl.cdn-services.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain dl.cdn-services.com is registered by proxy through ENOM, INC. and was originally registered in April of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Chicago, Illinois, in the United States, on the SingleHop, Inc. network.
Registrar:
ENOM, INC.

Server location:
Illinois, United States (US)

Create date:
Wednesday, April 25, 2012

Expires date:
Tuesday, April 25, 2017

Updated date:
Thursday, March 31, 2016

ASN:
AS32475 SINGLEHOP-INC - SingleHop

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.VisualTools.?, PUP.VisualTools.e, PUP.VisualTools.t, PUP.VisualTools.g, (M), PUP.VisualTools.a, PUP.VisualTools.f, PUP.VisualTools.HH, PUP.VisualTools.N, PUP.VisualTools.V, PUP.Toolbar (M), PUP.Babylon.R, PUP.Installer.VisualTools.K, PUP.Babylon (M), PUP.Babylon.Banylon (M), PUP.Babylon.Banylon.Installer (M)
89.80%

ESET NOD32
Win32/Toolbar.Babylon (variant), Win32/Hao123 (variant), Win32/Toolbar.Babylon.AD (variant), Win32/Reporter (variant), Win32/Toolbar.Babylon.H potentially unwanted (variant)
77.55%

Trend Micro House Call
TROJ_GEN.F47V0820, TROJ_GEN.F47V0827, TROJ_GEN.F47V0817, TROJ_GEN.F47V0819, TROJ_GEN.F47V0726, TROJ_GEN.F47V0826, TROJ_GEN.F47V0705
67.35%

McAfee
Artemis!21EFA7BE308E, Artemis!98B886EFD6CC, Artemis!90935CC76154, Artemis!5B2DEDA9F70A, Artemis!700C28D7A9D7, Artemis!089AF8A8FCE6, Artemis!CE52DAE8FDEE, Artemis!36A1C833C107, Artemis!2A031A841761, Program.Artemis!A552F21A8B9C, Artemis!B40C658E75EE, Artemis!57F69F80337E, Artemis!98A26573D49F, Artemis!AD3714CF4E8A, Artemis!9DF8D78A1DDD, Artemis!9EBC88C4AC32
65.31%

Malwarebytes
PUP.Optional.Babylon, PUP.Optional.DeltaTB, PUP.Optional.Hao123.A, PUP.Optional.ToolBarInstaller.A
61.22%

Dr.Web
Adware.Toolbar.175, Adware.Babylon.10, Adware.Toolbar.146, Adware.Babylon.14, Trojan.StartPage.53634, infected with Trojan.StartPage.57898
46.94%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen, AdWare.Hao123, Downloader.Agent
40.82%

herdProtect (fuzzy)
a variant of ae0bb8db01586920338ba1c45e4c368aeae6fab9, a variant of f7ed466aee6d3ae1889dfc9338d84bb7e71396dd, a variant of 2bf54990dbbb259e8da94a9540a6de40adc095de
36.73%

Boost by Reason
PUP.VisualTools.?, PUP.VisualTools.e, PUP.VisualTools.g, PUP.VisualTools.f, PUP.VisualTools.}, PUP.VisualTools.u, PUP.VisualTools.t, PUP.VisualTools.FF, PUP.VisualTools.M, Adware.Babylon.J
28.57%

SUPERAntiSpyware
PUP.BabylonToolbar/Variant, PUP.Babylon/Variant
28.57%

VIPRE Antivirus
Babylon, Trojan.Win32.Generic, Threat.4150696, Threat.4758582
26.53%

NANO AntiVirus
Trojan.Win32.Agent.ctknvv, Trojan.Win32.StartPage.cqhujc, Trojan.Win32.StartPage.brmuar, Riskware.Win32.Babylon.craswq, Trojan.Win32.Downware.ctimdd
24.49%

Fortinet FortiGate
W32/BIFROSE.GCW!tr.bdr, Riskware/Hao123, W32/StartPage.CJBP!tr, Riskware/Toolbar_Babylon
22.45%

Agnitum Outpost
PUA.Toolbar.Babylon, Trojan.Agent, Riskware.Agent
20.41%

K7 AntiVirus
Trojan
12.24%

The domain dl.cdn-services.com has been seen to resolve to the following 6 IP addresses.

August 29, 2013

August 29, 2013

August 29, 2013

August 29, 2013

August 29, 2013

August 29, 2013

File downloads found at URLs served by dl.cdn-services.com.

6 / 68      (Adware)

7 / 68      (PUP)

1 / 68      (Adware)

8 / 68      (Adware)

8 / 68      (Adware)

10 / 68    (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

14 / 68    (Adware)

1 / 68      (PUP)

7 / 68      (Adware)

6 / 68      (Adware)

1 / 68      (Malware)
http://dl.cdn-services.com/site/files/autoprtnrp/.../adwcleaner-2-306-en-win.exe  (daemon-tools-4-45-3-lite-es-en-br-fr-de-it-cn-jp-win.exe)

8 / 68      (Adware)

5 / 68      (Adware)
http://dl.cdn-services.com/files/.../MyClaroTB.exe  (64aa04695e70ba743150b36c98c61181)

3 / 68      (Adware)

6 / 68      (PUP)
http://dl.cdn-services.com/files/prtnrp/.../RssBandit.exe  (36a1c833c107c0d81c9f64c04df993e0)

10 / 68    (Adware)

9 / 68      (Adware)

9 / 68      (Adware)

9 / 68      (Adware)

 
Latest 30 of 72 download URLs

The following 12 files have been seen to communicate with dl.cdn-services.com in live environments.

URL:
http://dl.cdn-services.com/

Web server:
nginx/0.8.54