dl1.downserver2.com

OutBrowse

Domain Information

The domain dl1.downserver2.com, registered by OutBrowse, was first registered in April of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Sherman Oaks, California, United States, on the Unitas Global LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
California, United States (US)

Create date:
Sunday, April 20, 2014

Expires date:
Wednesday, April 20, 2016

Updated date:
Tuesday, June 16, 2015

ASN:
AS4436 AS-NLAYER - nLayer Communications, Inc.

Root domain:

Scanner detections:
Detections  (90% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.PlurPush.L, (M), PUP.Win.Reputation, PUP.Veristaff.R, PUP.Installer.OlacatalaOU.S, PUP.ReSoft.F, PUP.MYPOPSHOP.J, PUP.Installer.BoxoreOU.P, PUP.BundledOffer.Meta (L), Threat.Win.Reputation.IMP, PUP.BubbleDock.Installer.Meta (M) | 70.00% |
| Trend Micro House Call | TROJ_GEN.F47V0413, TROJ_GE.48818833, Suspicious_GEN.F47V0727, Suspicious_GEN.F47V0905, TROJ_GEN.R031C0EJE14, Suspicious_GEN.F47V1107 | 40.00% |
| G Data | Gen:Variant.Graftor.149279, Win32.Trojan-Dropper.BoxoreInject, Win32.Trojan.Agent.38RZLK, Win32.Application.Dealply, Gen:Variant.Graftor.161841 | 30.00% |
| ESET NOD32 | Win32/BrowseFox, Win32/Injector.BIZV (variant), Win32/TrojanDropper.MsiDrop (variant), Win32/DealPly.V potentially unwanted (variant) | 25.00% |
| Malwarebytes | PUP.Optional.SearchProtect.A, PUP.Optional.SoftwareUpdate.A, Trojan.Agent, PUP.Optional.OutBrowse | 25.00% |
| NANO AntiVirus | Trojan.Win32.Generic.cthmwf, Trojan.Win32.Downware.ctonas, Trojan.Win32.Agent.dhiqaj | 25.00% |
| Dr.Web | Adware.Downware.2081, Adware.Downware.1463, Trojan.Siggen6.30901 | 25.00% |
| Baidu Antivirus | Adware.Win32.Conduit, Trojan.Win32.MsiDrop, Adware.Win32.offerblvd, Trojan.Win32.Genome, Adware.Win32.DealPly | 25.00% |
| McAfee | Artemis!148927801825, Artemis!5255C259AEA3, Artemis!A637480D1FD4, RDN/Generic PUP.x!crj, Artemis!E59113EE0893 | 25.00% |
| VIPRE Antivirus | Trojan.Win32.Generic, Boxore, Cyclon-Media | 25.00% |
| Avira AntiVirus | TR/Trash.Gen, ADWARE/Adware.Gen, ADWARE/DealPly.fgrts | 25.00% |
| Sophos | Registry Cleaner, Veristaff, Generic PUA LA, Generic PUA FL | 20.00% |
| avast! | Win32:Malware-gen, Win32:Adware-gen [Adw] | 20.00% |
| IKARUS anti.virus | Trojan-Spy.Zbot, PUA.Linkury, AdWare.Win32.PennyBee, Trojan.SuspectCRC | 20.00% |
| Agnitum Outpost | Trojan.Injector, PUA.OutBrowse | 15.00% |

The domain dl1.downserver2.com has been seen to resolve to the following 2 IP addresses.

192-124-232-198.static.unitasglobal.net
January 5, 2016

224-124-232-198.static.unitasglobal.net
September 15, 2014

File downloads found at URLs served by dl1.downserver2.com.

4 / 68      (PUP)

9 / 68      (Adware)

4 / 68      (PUP)

4 / 68      (PUP)

1 / 68      (PUP)
http://dl1.downserver2.com/Installer/.../Bubble_DockA.exe  (67faf989b802f3a30828d8edfce953cf)

15 / 68    (PUP)

1 / 68      (Malware)

4 / 68      (PUP)

3 / 68      (Malware)

4 / 68      (PUP)

4 / 68      (PUP)

8 / 68      (Malware)

0 / 68
http://dl1.downserver2.com/Installer/.../zoomify.exe  (30abcdd6110c367384976f67aadff61d)

1 / 68      (Malware)

6 / 68      (Adware)

7 / 68      (PUP)

4 / 68      (Adware)
http://dl1.downserver2.com/Installer/.../PlurPush_ob.exe  (6cbb7431e063707ab645ace22424050a)

9 / 68      (Adware)

5 / 68      (PUP)

16 / 68    (Adware)

5 / 68      (PUP)

20 / 68    (PUP)

The following 60 files have been seen to communicate with dl1.downserver2.com in live environments.
Latest 20 of 77 files

URL:
http://dl1.downserver2.com/

Web server:
NetDNA-cache/2.2