home

www.adskdoom.info

Miro Shona

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GoDaddy.com, LLC

Server location:
Arizona, United States (US)

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:
adskdoom.info

Whois:
1 adskdoom.info record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Bkav FE
W32.KirapaL.Trojan, W32.HfsAdware, HW32.Packed, W32.HfsAutoB
83.33%

MicroWorld eScan
Gen:Variant.Adware.Graftor.173198, Gen:Variant.Zusy.113278, Gen:Variant.Graftor.180743, Gen:Variant.Zusy.133389
83.33%

K7 AntiVirus
Adware , Trojan
83.33%

Bitdefender
Gen:Variant.Adware.Graftor.173198, Gen:Variant.Zusy.113278, Gen:Variant.Graftor.180743, Gen:Variant.Zusy.133389
83.33%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.173198, Gen:Variant.Zusy.113278, Gen:Variant.Graftor.180743, Gen:Variant.Zusy.133389
83.33%

Avira AntiVirus
Adware/Vonteera.1139792, Adware/Vonteera.2155600, ADWARE/Vonteera.2713088, Adware/Vonteera.4536320, ADWARE/Vonteera.1640016
83.33%

G Data
Gen:Variant.Adware.Graftor.173198, Gen:Variant.Zusy.113278, Gen:Variant.Graftor.180743, Trojan.GenericKD.2234822
83.33%

AhnLab V3 Security
Adware/Win32.MultiPlug, Adware/Win32.Vonteera
83.33%

McAfee
Artemis!623018FC95AD, Artemis!F4A06CD0B5BD, Artemis!1B0D3A6C6B46, Artemis!1CB8C03FB510, Artemis!ACFFBA2B2A89
83.33%

Fortinet FortiGate
Riskware/Vonteera, Adware/Vonteera, W32/Vonteera.K, Adware/Generic
83.33%

AVG
Win32/DH, Generic, Generic6
83.33%

Panda Antivirus
Trj/Genetic.gen, Trj/CI.A, Generic Suspicious
83.33%

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen, HEUR/QVM19.1.Malware.Gen
83.33%

Trend Micro House Call
TROJ_GEN.R047H07BA15, TROJ_GEN.R0C1H07BI15, TROJ_GEN.R031C0ECN15, Suspicious_GEN.F47V0319
66.67%

avast!
Win32:Adware-gen [Adw]
66.67%

The domain www.adskdoom.info has been seen to resolve to the following 2 IP addresses.

141.8.224.239
May 20, 2016

50.63.202.65
ip-50-63-202-65.ip.secureserver.net
February 28, 2016

File downloads found at URLs served by www.adskdoom.info.

25 / 68    (PUP)
http://www.adskdoom.info/.../e5d80d7bfb.exe  (54d29d3.exe)

1 / 68      (Adware)
http://www.adskdoom.info/.../405d18.exe  (fh348d.tmp)

31 / 68    (Adware)
http://www.adskdoom.info/.../7a45bc.exe  (ffbccf5515.exe)

31 / 68    (Adware)
http://www.adskdoom.info/.../ffbccf5515.exe  (acffba2b2a892dc7d813ab5afb99087e)

26 / 68    (Adware)
http://www.adskdoom.info/.../e84e3e1ae2.exe  (6a46ba.exe)

31 / 68    (Adware)
http://www.adskdoom.info/.../c0080281dd.exe  (ffbccf5515.exe)

26 / 68    (Adware)
http://www.adskdoom.info/.../c8b2232.exe  (6a46ba.exe)

26 / 68    (Adware)
http://www.adskdoom.info/.../b912879.exe  (6a46ba.exe)

26 / 68    (Adware)
http://www.adskdoom.info/.../dc364a.exe  (6a46ba.exe)

31 / 68    (Adware)
http://www.adskdoom.info/.../9d9fb35.exe  (ffbccf5515.exe)

31 / 68    (Adware)
http://www.adskdoom.info/.../b6cdbf6b.exe  (ffbccf5515.exe)

23 / 68    (Adware)
http://www.adskdoom.info/.../721f038eb.exe  (292c2304b5.exe)

21 / 68    (PUP)
http://www.adskdoom.info/.../7ca6afb5.exe  (5a65b94a.exe)

The following 3 files have been seen to comunicate with www.adskdoom.info in live environments.

TCP » 141.8.224.239:80
dislike.crx

TCP » 141.8.224.239:443
droppad.crx

TCP » 50.63.202.65:80
42fe.tmp.exe

URL:
http://www.adskdoom.info/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.