home

download2.manycams.com

Visicom Media Inc.

Domain Information

The domain download2.manycams.com registered by Visicom Media Inc. was initially registered in March of 2006 through DNC HOLDINGS, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Phoenix, Arizona within the United States which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below).
Registrar:
DNC HOLDINGS, INC.

Server location:
Arizona, United States (US)

Create date:
Wednesday, March 22, 2006

Expires date:
Monday, March 22, 2021

Updated date:
Thursday, October 15, 2015

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Root domain:
manycams.com

Whois:
1 manycams.com record

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Visicom.ManyCam (L), Threat.Win.Reputation.IMP, PUP.Visicom.MPE, Win32.Generic, PUP.Visicom.Manycam.Meta (L), PUP.Visicom.VisicomM.Installer.Meta (M), PUP.Visicom (M), PUP.Visicom.Manycam (L)
77.42%

Dr.Web
Tool.InstallToolbar.174, Trojan.Siggen6.54687, Trojan.Inject1.28681, hacktool program Tool.InstallToolbar.246
25.81%

ESET NOD32
Win32/VB.OSK trojan, Win32/Toolbar.Visicom.F potentially unwanted application, Win32/Delf.NRJ worm
19.35%

AVG
Generic, Worm/Delf.KHX, Worm/Delf.KKS
16.13%

Emsisoft Anti-Malware
Gen:Variant.Barys.977, Worm.Generic.377772
16.13%

Microsoft Security Essentials
Threat.Undefined
16.13%

avast!
Win32:VB-OJQ [Wrm], Win32:Agent-AODJ [Trj]
16.13%

Norman
Gen:Variant.Barys.977, Worm.Generic.377772
12.90%

F-Prot
W32/Renamer.A.gen
12.90%

McAfee
Virus.W32/Swisyn.ag, Virus.W32/Gnamer
9.68%

Kaspersky
Trojan.Win32.Swisyn, Virus.Win32.Renamer
9.68%

Bkav FE
W32.HfsAdware
3.23%

VIPRE Antivirus
Threat.4763461
3.23%

F-Secure
Variant.Barys.977
3.23%

Sophos
Virus 'Mal/VB-YJ'
3.23%

The domain download2.manycams.com has been seen to resolve to the following 6 IP addresses.

104.24.16.106
July 6, 2016

104.24.15.106
July 6, 2016

162.159.243.179
January 4, 2016

162.159.244.179
January 4, 2016

104.18.47.215
October 29, 2015

104.18.46.215
October 29, 2015

File downloads found at URLs served by download2.manycams.com.

1 / 68      (PUP)
http://download2.manycams.com/.../ManyCamWebInstaller.exe  (b66c32ff07819969e3805adb7c3b2214)

1 / 68      (Adware)
http://download2.manycams.com/ManyCamSetup_v4.1.2.exe  (f188a906a40071f07c62746355e84cf7)

4 / 68      (PUP)
http://download2.manycams.com/cdn-cgi/.../chk_captcha?recaptcha_challenge_field=03AHJ_Vus14D4TJF7iplobB4gf3sOhTKNqPWyhedNXC0fApDxqAfe2mVuET5gBTIeJ-Z0Q6FqQDxZNPNqoUAfIUtd586zmnxIDkH95N6sSRunemZNC8lDPZgsGLFPaat6sGKUDFyqn-kNXBZ8K7xTSFQmNH0wVQiBSk4GUqFqZx_pzx3GaIE4kO1edG-jrgzZ_b5_XCtyWlwlmDpe4Xb7f_Z5lcjzZaUclppqBKdCJiAYovINkUmufW-8&recaptcha_response_field=134&id=25cf242233cb3337  (manycamwebinstaller.exe)

4 / 68      (PUP)
http://download2.manycams.com/cdn-cgi/.../chk_captcha?recaptcha_challenge_field=03AHJ_VutUobK3Ly0QrflMm6jjGhi6DleLhbQPt_2vtJvtKyChoBXWe5weQWMjRx_9zz9KEU_2tc9vMT82tWL7dvmq_xSRkWEi1Z_bZqKSa3kBIsWYc0APhb5fmYLbp_ke7jWz722f-EE-xtEbuoTKTcv5QvPBHINTm5RMSnwCsgzgH32MzEGYwwP36U1SM2z3pC3chtQNSYh6ZZkobOG_SGBK1t0La9ZY3450UygFI3IprH0YCaYavK4dLSz9jznEPglz_wupYxMlNbEOx9U4e8lR9oNSHWwmNA&recaptcha_response_field=1717&id=25cb6f2ac0ad3fb9  (manycamwebinstaller.exe)

URL:
http://download2.manycams.com/

SSL certificate subject:
CN=ssl340674.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.