This is an adware distribution site from Adlogica that uses a customized download manager such as the iBryte Optimum Installer. The site provides users with downloadable software bundled with various potentially unwanted software such as web browser toolbars and search hijackers, including Babylon, Funmoods and Search.us. The domain file-download.downloadinfo.co is registered by proxy through GODADDY.COM, INC. and was originally registered in September of 2012. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Phoenix, Arizona, in the United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP addresses (see below). The domain is associated with the publisher Downloadinfo, which is located in San Francisco, California, in the United States.
Registrar: GODADDY.COM, INC.
Server location: Arizona, United States (US)
Create date: Thursday, September 27, 2012
Expires date: Monday, September 26, 2016
Updated date: Sunday, September 27, 2015
ASN: AS13335 CLOUDFLARENET - CloudFlare, Inc.,US
Scanner detections:
Detections (100% detected)
| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.QuickDownloader.O, PUP.Bundler.Outbrowse, PUP.installCore.DownloadGuru.Installer (M), PUP.Adlogica.Downloadinfo.Bundler (M), PUP.Outbrowse.justAccept.Bundler (M), PUP.Outbrowse.GreAtAPpSTlD.Bundler (M), PUP.installCore.DownloadStream.Installer (M), PUP.Outbrowse.VERIFIEDSOFTWAREsnb.Bundler (M), PUP.Outbrowse.SafeDown.Bundler (M), PUP.installCore.Download.Installer (M), PUP.Outbrowse.clickTOS.Bundler (M), PUP.installCore.SpeedyDo.Installer (M), PUP.Adlogica.Download.Bundler (M), PUP.Outbrowse.ClicKtoS.Bundler (M), PUP.Outbrowse (M) | 100.00% |
| ESET NOD32 | Win32/OutBrowse.BK potentially unwanted application, Win32/OutBrowse.BU potentially unwanted application | 15.79% |
| VIPRE Antivirus | Threat.4786018, Threat.4150696, MyWebSearch Toolbar (not malicious) | 15.79% |
| K7 AntiVirus | Unwanted-Program, Trojan | 15.79% |
| McAfee | Adware-OutBrowse.c, Program.Adware-OutBrowse.e, Artemis!9FBBBB8EC658 | 15.79% |
| Fortinet FortiGate | Riskware/OutBrowse, Riskware/Toolbar_MyWebSearch | 15.79% |
| AVG | Downloader, AdPlugin | 15.79% |
| Dr.Web | Trojan.Packed.28678, Trojan.OutBrowse.109 | 10.53% |
| Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse, not-a-virus:Downloader.NSIS.OutBrowse | 10.53% |
| Malwarebytes | PUP.Optional.OutBrowse, PUP.Optional.Downloadster | 10.53% |
| Trend Micro House Call | Suspici.92093976, Suspici.D37B864C | 10.53% |
| Avira AntiVirus | APPL/Downloader.Gen, PUA/Outbrowse.Gen | 10.53% |
| avast! | PUP-gen [PUP], Win32:OutBrowse-CJ [PUP] | 10.53% |
| Agnitum Outpost | PUA.OutBrowse, PUA.Toolbar.MyWebSearch | 10.53% |
| Sophos | Generic PUA GD, Generic PUA CH | 10.53% |
The domain file-download.downloadinfo.co has been seen to resolve to the following 4 IP addresses.
File downloads found at URLs served by file-download.downloadinfo.co.
URL: http://file-download.downloadinfo.co/
Title: “DownloadInfo - DownloadInfo”
SSL certificate subject: CN=ssl255688.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer: CN=COMODO RSA Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Web server: cloudflare-nginx (PHP/5.5.9-1ubuntu4)