home

download.devicedoctor.com

Device Doctor Software Inc.

Domain Information

The domain download.devicedoctor.com registered by Device Doctor Software Inc. was initially registered in June of 2007 through TIERRANET INC. D/B/A DOMAINDISCOVER. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network.
Registrar:
TIERRANET INC. D/B/A DOMAINDISCOVER

Server location:
New York, United States (US)

Create date:
Tuesday, June 26, 2007

Expires date:
Wednesday, June 26, 2019

Updated date:
Monday, August 12, 2013

ASN:
AS46652 SERVERSTACK-ASN - ServerStack, Inc.

Root domain:
devicedoctor.com

Whois:
1 devicedoctor.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
DownloadManager.AirSoftware.T, PUP.Air Software.AirSoftware.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M)
100.00%

McAfee
Artemis!0AD84E90907F
37.50%

Malwarebytes
PUP.Optional.AirInstaller
37.50%

Trend Micro House Call
TROJ_GEN.F47V0119
37.50%

avast!
Win32:Installer-L [PUP]
37.50%

Agnitum Outpost
PUA.AirAd
37.50%

AegisLab AV Signature
Troj.W32.Jorik.Steckt
37.50%

Comodo Security
Application.Win32.AirAdInstaller.A
37.50%

Dr.Web
Trojan.SMSSend.4747, Adware.Downware.2035
37.50%

VIPRE Antivirus
Iminent
37.50%

Sophos
AirInstaller
37.50%

Vba32 AntiVirus
AdWare.AirAdInstaller, AdWare.AirAdInstaller.ajov
37.50%

ESET NOD32
Win32/AirAdInstaller (variant)
37.50%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
37.50%

Fortinet FortiGate
Riskware/AirAdInstaller
37.50%

The domain download.devicedoctor.com has been seen to resolve to the following 4 IP addresses.

162.243.2.91
empire.airinstaller.com
March 20, 2014

108.168.218.34
108.168.218.34-static.reverse.softlayer.com
March 15, 2014

192.241.231.245
babar.airinstaller.com
February 7, 2014

192.241.139.115
justice.airinstaller.com
December 23, 2013

File downloads found at URLs served by download.devicedoctor.com.

1 / 68      (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

1 / 68      (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

1 / 68      (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

1 / 68      (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

1 / 68      (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

36 / 68    (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

35 / 68    (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

35 / 68    (Adware)
http://download.devicedoctor.com/get/click/.../?filename=DeviceDoctor_Bundle.exe  (devicedoctor_bundle.exe.exe)

The following file have been seen to comunicate with download.devicedoctor.com in live environments.

TCP » 108.168.218.34:80
15ba9f94.exe (Google Talk by AirInstaller)

URL:
http://download.devicedoctor.com/

Title:
“Air Installer ™”

Description:
“Air Installer”

Web server:
Apache/2.2.22 (Ubuntu) (PHP/5.4.6-1ubuntu1.4)

airdwnlds.com

downloadwiz.com

downloadwizard.com

getsoftfree.com

updatersoft.com

updatesoftnow.com

airdwnlas.com

downloadd.org

downloaderhub.net

dwnload.org

ez-downloads.com

fastdownloaders.com

installs.co

mp3jam.org

my-uq.com

pcfilehelp.com

pcsoftupdate.com

pcupgradenow.com

redir.info

trustydownloads.com

updatenowpro.com

airinstaller.com

bestpcfiles.com

downloadrockstar.com

downloadverse.com

ezdownloader.net

fastdld.com

filefolio.com

freeversion.org

install-free.net

30 of 34 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.