home

dl.fileanddown.com

Corp New Ventures Services

Domain Information

The domain dl.fileanddown.com registered by Corp New Ventures Services was initially registered in October of 2015 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
ALLEARTHDOMAINS.COM LLC

Server location:
New York, United States (US)

Create date:
Thursday, October 22, 2015

Expires date:
Saturday, October 22, 2016

Updated date:
Wednesday, October 28, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
fileanddown.com

Whois:
2 fileanddown.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.PopelerSystemsl.G, PUP.Installer.PopelerSystemsl.U, PUP.Installer.PopelerSystemsl.Z, PUP.Installer.PopelerSystemsl.V, PUP.Solimba.PopelerS.Installer (M), PUP.Solimba.PopelerS.Bundler (M), PUP.Solimba (M)
100.00%

F-Prot
W32/A-a2151e6a
37.50%

Bitdefender
Gen:Variant.Application.Bundler.Kazy.132995
37.50%

NANO AntiVirus
Trojan.Win32.Morstar.delxop
37.50%

Sophos
Solimba Installer
37.50%

F-Secure
Gen:Variant.Application.Bundler
37.50%

Avira AntiVirus
APPL/Firseria.Gen8
37.50%

G Data
Gen:Variant.Application.Bundler.Kazy.132995
37.50%

Panda Antivirus
Trj/Genetic.gen
37.50%

IKARUS anti.virus
AdWare.BundleApp
37.50%

AVG
Generic, Adware BundleApp.HA
37.50%

VIPRE Antivirus
Threat.4782980
31.25%

Dr.Web
Trojan.DownLoader11.24441
31.25%

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Kazy.132995
31.25%

Kaspersky
not-a-virus:Downloader.Win32.Morstar
31.25%

The domain dl.fileanddown.com has been seen to resolve to the following 5 IP addresses.

204.11.56.48
April 18, 2016

23.73.181.41
a23-73-181-41.deploy.static.akamaitechnologies.com
November 17, 2014

23.73.181.42
a23-73-181-42.deploy.static.akamaitechnologies.com
November 17, 2014

184.29.106.123
a184-29-106-123.deploy.static.akamaitechnologies.com
September 11, 2014

184.29.106.105
a184-29-106-105.deploy.static.akamaitechnologies.com
September 11, 2014

File downloads found at URLs served by dl.fileanddown.com.

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Ares Galaxy.exe  (87ae6ed54424db84a6d4217b8f1eae5a)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Internet Explorer.exe  (b978efd1091a4c5bf0c3ddea6533aa08)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Setup.exe  (e4b5e63ae95160121e46466b56328dc4)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../CursorFX.exe  (47127a09da12f0ec3bf8f642d5338e5b)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Advanced PDF to JPG converter.exe  (be50b6b8edd25793491068a094b0cbbe)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../BitComet Beta.exe  (d269f480cce6c8d0d5e2b4a4c5b5d5b8)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../VLC Media Player.exe  (23df3e567ec69eb5bf2191b5846a8267)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../PhotoScape.exe  (b717daa52331ea3c44552aa2155efcc8)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Ares Galaxy.exe  (7289d4b73ff7c666972c3a61f5ba8e3e)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Setup.exe  (c1dde906b471baf446296ed4afd11968)

1 / 68      (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../VLC Media Player.exe  (ffdad44ded43fdfd6d375c1d249c7f15)

30 / 68    (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Avast! Free Antivirus.exe  (dd6069453a1b25a7a080db795dd92c84)

27 / 68    (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Free Screen Video Capture.exe  (822fe7ca6dafc570cce47f431f44885e)

28 / 68    (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Cute Screen Recorder.exe  (cb71cf9f188f0a19a866e6bb91e4eca3)

24 / 68    (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../WinRAR.exe  (f3933509df74a09af6577dfbc03b468a)

32 / 68    (Adware)
http://dl.fileanddown.com/n/3.1.22.17.1/.../Speccy.exe  (c43d040967f1e367cfbee93dc0352335)

The following 33 files have been seen to comunicate with dl.fileanddown.com in live environments.

TCP » 23.73.181.41:80
clearscreenplayerbrowser.exe

TCP » 23.73.181.42:80
browser.exe (Speed Browser by Smart Applications)

TCP » 23.73.181.42:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.73.181.41:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.73.181.41:80
browser.exe (Speed Browser by Smart Applications)

TCP » 184.29.106.105:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.29.106.123:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 184.29.106.105:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.29.106.123:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.29.106.105:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.29.106.123:80
browser.exe (Browser)

TCP » 184.29.106.105:443
kometa.exe (Kometa by Kometa Authors)

TCP » 23.73.181.41:80
apptrailers.exe

TCP » 23.73.181.41:80
mine-craft-setup.exe

TCP » 23.73.181.41:80
pokki.exe (Pokki)

TCP » 23.73.181.41:80
bobrowser.exe (BoBrowser by The BoBrowser Authors)

TCP » 184.29.106.105:80
cfcdeaphhpbipfcpobifmeadpbleiadb.crx

TCP » 184.29.106.105:80
browser.exe (Browser)

TCP » 184.29.106.105:80
browser.exe (Browser)

TCP » 184.29.106.123:80
iaofmdncmakgfhhlkpeohbidhaiedblo.crx

 
Latest 20 of 43 files

URL:
http://dl.fileanddown.com/

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.