home

www.win7drivers.com

WebSEO.Net

Domain Information

The domain www.win7drivers.com registered by WebSEO.Net was initially registered in October of 2008 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Columbia, Maryland within the United States which resides on the American Information Network network.
Registrar:
GODADDY.COM, LLC

Server location:
Maryland, United States (US)

Create date:
Saturday, October 11, 2008

Expires date:
Sunday, October 11, 2015

Updated date:
Sunday, April 19, 2015

ASN:
AS6405 AIN - American Information Network,US

Root domain:
win7drivers.com

Whois:
1 win7drivers.com record

Scanner detections:
Detections  (80% detected)

Scan engine
Details
Detections

Trend Micro House Call
Suspicious_GEN.F47V0404, Suspicious_GEN.F47V0505, Suspici.C2149111, TROJ_GEN.R02SC0OBN15
100.00%

Dr.Web
Program.Unwanted.342, Program.Unwanted.257, Trojan.KillFiles.24504
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
75.00%

avast!
Win32:Malware-gen, Win32:Trojan-gen
75.00%

NANO AntiVirus
Riskware.Win32.Unwanted.dqbdml, Riskware.Nsis.Unwanted.dpybkw, Trojan.Win32.KillFiles.doxhth
75.00%

McAfee
Artemis!90680204C4AF, Artemis!D86A4C03988F, Artemis!0E5F80E9EEB1
75.00%

AVG
Generic6
75.00%

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
50.00%

K7 AntiVirus
Trojan , Riskware
50.00%

Avira AntiVirus
TR/Agent.3290008.7, TR/Agent.3332446
50.00%

Norman
Suspicious_Gen4.IEWGG
25.00%

Trend Micro
TROJ_GEN.R03AC0OE415
25.00%

herdProtect (fuzzy)
a variant of 079f90bec67ec383916389ff8976b099a40e6ca5
25.00%

Bkav FE
W32.HfsAdware
25.00%

Reason Heuristics
PUP.oTweak.Optional.Installer.Meta (L)
25.00%

The domain www.win7drivers.com has been seen to resolve to the following 2 IP addresses.

204.11.56.48
May 23, 2016

205.134.174.82
www.top-blowjob.com
August 12, 2015

File downloads found at URLs served by www.win7drivers.com.

5 / 68      (PUP)
http://www.win7drivers.com/counter/click.php?f=http://downloads.otweak.com/dup/74/.../gigatech_sa_500x_drivers.exe&i=gigatech_sa_500x_drivers_1  (ethernet_controller_e0000203.exe)

9 / 68      (Malware)
http://www.win7drivers.com/counter/click.php?f=http://downloads.otweak.com/dup/41971/.../win7driver.exe&i=network_controller_14e4_4357_nodb_pci  (0e5f80e9eeb1b54866f4839e03d6f5c1)

13 / 68    (PUP)
http://www.win7drivers.com/counter/click.php?f=http://downloads.otweak.com/dup/41971/.../win7driver.exe&i=sony_vaio_sve111a11u_drivers  (d86a4c03988f275ad5dae075eb6e3ab2)

11 / 68    (PUP)
http://www.win7drivers.com/counter/click.php?f=http://downloads.otweak.com/dup/41971/.../xear_3d_crl3d_ds3d_eax2_0_a3d1_0.exe&i=xear_3d_crl3d_ds3d_eax2_0_a3d1_0_1  (gsa_t20l_s05d.exe)

0 / 68
http://www.win7drivers.com/counter/click.php?f=http://dynamicdownloads.tweakbit.com/driver/.../xear_3d_crl3d_ds3d_eax2_0_a3d1_0&i=xear_3d_crl3d_ds3d_eax2_0_a3d1_0_2  (siyoteam_sy_690_bluetooth-driver.exe)

The following 2 files have been seen to comunicate with www.win7drivers.com in live environments.

TCP » 204.11.56.48:80
chrome.crx

TCP » 204.11.56.48:80
chrome.crx

URL:
http://www.win7drivers.com/

Title:
“Windows 7 Driver”

Web server:
Apache (PHP/5.5.10)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.