home

www.b-download.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain www.b-download.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in November of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Virginia, United States (US)

Create date:
Saturday, November 22, 2014

Expires date:
Tuesday, November 22, 2016

Updated date:
Sunday, October 25, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
b-download.com

Whois:
2 b-download.com records

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.ICSSetup.M, PUP.installCore.ICSSetup.Installer (M), PUP.InstallCore.EST (M), PUP.NewMedia.NMH.installCore.Installer (M), PUP.installCore (M)
100.00%

ESET NOD32
Win32/InstallCore.NF potentially unwanted application, Win32/InstallCore.ADX.gen potentially unwanted application
18.75%

Dr.Web
Trojan.InstallCore.25
12.50%

VIPRE Antivirus
Threat.4788237
12.50%

K7 AntiVirus
Unwanted-Program
12.50%

Sophos
Install Core Click run software
12.50%

Avira AntiVirus
Adware/InstallCore.Y
12.50%

G Data
Win32.Adware.InstallCore.BV
12.50%

AVG
Generic
12.50%

The domain www.b-download.com has been seen to resolve to the following 5 IP addresses.

52.7.132.182
ec2-52-7-132-182.compute-1.amazonaws.com
February 26, 2016

107.23.203.23
ec2-107-23-203-23.compute-1.amazonaws.com
February 26, 2016

54.84.143.69
ec2-54-84-143-69.compute-1.amazonaws.com
February 26, 2016

54.88.15.93
ec2-54-88-15-93.compute-1.amazonaws.com
November 29, 2014

54.172.110.87
ec2-54-172-110-87.compute-1.amazonaws.com
November 29, 2014

File downloads found at URLs served by www.b-download.com.

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWcHim7dAWilam7dREhXs0vmAWASDChTMm7dlChV8FNjAROZ7RNjamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzCwAZg4OZA0NZ7R&campaignId=9jn0ATcwNZa4AZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWcHim7dAWilam7dREhXs0vmAWASDChTMm7dlChV8FNZgROZ7RNjamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzCwNZ74Aji0NZ7R&campaignId=9jn0ATcRAznwAZMq  (firefoxsetup.exe)

0 / 68
http://www.b-download.com/?dl=1&dr=c3aWc3vjvExthXN3DKV0vEsyhXMtDmlyDKDJekDphXAmD3vpDZ0m rcWDK4m7dAWL5im7dREhKVuvmAWASDChTMm7dlChV8FAZ71NZaFNTam7K2pDZ1fOTa3NTi3OZ7yNjn=&campaignId=9jn0AT7FNZA4AZMq  (firefox setup 27.0.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWcHim7dAWilam7dREhXs0vmAWASDChTMm7dlChV8FOZMyOZ7RNjamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC0Nj74Aji0NZ7R&campaignId=9jn0ATcwAZLwAZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWcHim7dAWilam7dREhXs0vmAWASDChTMm7dlChV8FNZgROZ7RNjamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzCwNZ74Aji0NZ7R&campaignId=9jn0ATcRAza4AZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=cHaWck1mIXvlDmW4vExthXN3DKV0AQDzcj1QDyDphXAmD3vpDZ0m rcWDEam7dAWxlam7dREhKDyvmAWASDChTMm7dlChV8RNTnwAzgwOTnm7K2pDZ1fAZa4AzayOZn0Ag==&pd=2323UmFl2y1QDXN07XswUmNJ i==&campaignId=9jn0AjA4NTM0AZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWSL4m7dREhKVuvmAWASDChTMm7dlChV8FNZ7RNzLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC4Aj71OZAwAz7R&campaignId=9jn0AT7FAznyAZMq  (icreinstall_firefoxsetup.exe)

2 / 68      (PUP)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWSL4m7dREhKVuvmAWASDChTMm7dlChV8FNZ7RNzLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC4Aj71OZAwAz7R&campaignId=9jn0AT7FAznyAZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWSL4m7dREhKVuvmAWASDChTMm7dlChV8FNZ7RNzLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC4Aj71OZAwAz7R&campaignId=9jn0AT7FAznyAZMq  (icreinstall_firefoxsetup.exe)

0 / 68
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWSL4m7dREhKVuvmAWASDChTMm7dlChV8FNZ7RNzLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC4Aj71OZAwAz7R&campaignId=9jn0AT7FAznyAZMq  (firefox setup 27.0.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=c3aWc3vjvExthXN3DKV0vEsyhXMtDmlyDKDJekDphXAmD3vpDZ0m rcWDK4m7dAWTCwm7dREhKVuvmAWASDChTMm7dlChV8FNZg1NZaFNTam7K2pDZ1fOTgwNji3OZ7yNjn=&campaignId=9jn0AT74OTcwAZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=7Kxu T1Y73vl7Xxp2mVWvmCWcyDEcmlChSDBDz1l QDj7z1OTkDj rcWDK4m7z0RvmiWAkDjIKiWXzCdATadNTC1AQDG2z1YIdVF2dWyDH0m XiWed1P2rNo2HlwDX0m K4We3sB7KNl KVu2H0m73iWe3xPcm2l2H0m EiWedlmidWu2rVu2ZpnfXtpDlNl7XvjIZpLfSDleHsyhXtP7dVpDH0m7XMWed5CcrWzIXxp dFWvmxdhXtCDXDp7dVWvENyhXNy7yD0 T1z2dVl2kDwcj1wUKDpcmVm 3gm7K2pDZ1fOTi0OZa4AZMzNjn=&campaignId=9jn0AT7FATgdAZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWSL4m7dREhKVuvmAWASDChTMm7dlChV8FNjnzOZLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzCyOTayNT7wAz7R&campaignId=9jn0AT74ATa0AZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWiLLm7dREhKVuvmAWASDChTMm7dlChV8FAjLdNTLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC0NZazAjCFAj7R&campaignId=9jn0AT7FAzg0AZMq  (firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDEam7dAWxlam7dREhKDyvmAWASDChTMm7dlChV8FAjAFNz7RNjamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzC4AjCzAZa0NZ7R&campaignId=9jn0AT7FAjayAZMq  (icreinstall_firefoxsetup.exe)

1 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWVVAm7dREhKVuvmAWASDChTMm7dlChV8FNZM3NTL4NTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzCyNzcdAjL0Aj7R&campaignId=9jn0AT74NZi4AZMq  (firefoxsetup.exe)

9 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=c3aWc3vjvExthXN3DKV0vEsyhXMtDmlyDKDJekDphXAmD3vpDZ0m rcWDK4m7dAWTCwm7dREhKVuvmAWASDChTMm7dlChV8FNZg1NZaFNTam7K2pDZ1fOTgwNji3OZ7yNjn=&campaignId=9jn0ATcwOTgdAZMq  (firefoxsetup.exe)

9 / 68      (Adware)
http://www.b-download.com/?dl=1&dr=hd5C m0WedNyDK50IXDlfSDphXAmD3vpDZ0m rcWDK4m7dAWi0nm7dREhKVuvmAWASDChTMm7dlChV8FNjC0OZLFNTamI3cWedtleX2JcmxWvm10hXtt7XxjIHxFcrVWvm1uhXtw r5jDK1l ExWvmN0hXt07XvEDXxWvmF0hXtpDCNJ Exl Ei6xH1YIKDTDK5y7dg6VH0mDXPwcj1Y7KNlIKxWvm5whXtPDHsJcdl0IKWufSDC2j1YDrVdIKNlfSDzcj1zcmAm2r0Wc32lDXimcHaWck1mIXvlDmW4vm5EIKiWXzCdNz7yNT7wAz7R&campaignId=9jn0ATcwNjM4AZMq  (firefoxsetup.exe)

The following 3 files have been seen to comunicate with www.b-download.com in live environments.

TCP » 54.84.143.69:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

TCP » 54.84.143.69:80
notifier64.exe (Notifications)

TCP » 54.84.143.69:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.