home

www.worksdown.com

Contact Privacy Inc. Customer 0142459499  (Proxy Registrant)

Domain Information

The domain www.worksdown.com is registered by proxy through TUCOWS DOMAINS INC. and was originally registered in February of 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
TUCOWS DOMAINS INC.

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Sunday, February 28, 2016

Expires date:
Tuesday, February 28, 2017

Updated date:
Sunday, March 13, 2016

Root domain:
worksdown.com

Whois:
2 worksdown.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.YumonSystemSL.F, Threat.Win.Reputation.IMP, PUP.YumonSystem.Installer (M), PUP.Softpulse.YumonSystem.Bundler (M), PUP.Softpulse.PluginUpdate.Bundler (M), PUP.Softpulse.YumonSys.Bundler (M), PUP.Bundlore.Wishapp.Bundler (M), PUP.Bundlore.UKRREMBU.Bundler (M), PUP.Vittalia.InstallA.Installer (M)
100.00%

avast!
Win32:SoftPulse-BE [PUP], Win32:SoftPulse-ET [PUP]
33.33%

Avira AntiVirus
APPL/Softpulse.1014112, PUA/SoftPulse.oans, TR/Dropper.Gen
33.33%

VIPRE Antivirus
Threat.5064683, Threat.4150696, Threat.4783235
29.17%

Dr.Web
Adware.SoftPules.3, Adware.SoftPules.3, Trojan.Domaiq.24, Trojan.Domaiq.286
29.17%

AVG
Win.Threat.High, Found Win32/DH{gRIxfX5QgQd5VE8VUYEVgQkcU4ETQYEP}
29.17%

ESET NOD32
Win32/SoftPulse.P potentially unwanted application, Win32/SoftPulse.S potentially unwanted application, Win32/SoftPulse.R potentially unwanted application
29.17%

Kaspersky
Trojan.Win32.Buzus, not-a-virus:AdWare.Win32.SoftPulse
29.17%

Comodo Security
Application.Win32.SoftPulse.D
29.17%

McAfee
Program.SoftPulse
29.17%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Signed-Adware.Softpulse
29.17%

Qihoo 360 Security
Malware.QVM18.Gen, Malware.QVM17.Gen
29.17%

AhnLab V3 Security
Win-PUP/SoftPulse, PUP/Win32.SoftPulse
29.17%

Panda Antivirus
Trj/Genetic.gen
29.17%

Sophos
SoftPulse, PUA 'SoftPulse' (of type Adware)
29.17%

The domain www.worksdown.com has been seen to resolve to the following 3 IP addresses.

213.247.47.190
May 19, 2016

174.137.132.28
March 31, 2016

92.242.140.21
unallocated.barefruit.co.uk
May 4, 2015

File downloads found at URLs served by www.worksdown.com.

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=e441f324-d82f-4927-729b-51c7337b34ac&dv3=e441f324-d82f-4927-729b-51c7337b34ac  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=807&dv1=ad806-us&kw1=ad806-us-xx&uuid=199ed917-de66-4a44-5621-cc31a4595327&dv3=199ed917-de66-4a44-5621-cc31a4595327  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=402&dv1=ad396-ca&kw1=ad396-ca-xx&uuid=ccba4538-5411-44f7-6ab9-e005cdafb22d&dv3=ccba4538-5411-44f7-6ab9-e005cdafb22d  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=1122&dv1=ad1120-ca&kw1=ad1120-ca-qyc&uuid=2dc98a0d-7bd8-47a7-7efc-12ba8c7a9437&dv3=2dc98a0d-7bd8-47a7-7efc-12ba8c7a9437  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=1122&dv1=ad1120-ca&kw1=ad1120-ca-qyc&uuid=3f6f6328-1dc7-4af8-6439-0211459ac94b&dv3=3f6f6328-1dc7-4af8-6439-0211459ac94b  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=1100&dv1=ad1098-us&kw1=ad1098-us-qyc-9277&uuid=8348e9a5-acdb-4af8-4170-77aec21d0a16&dv3=8348e9a5-acdb-4af8-4170-77aec21d0a16  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=497&dv1=ad490-us&kw1=ad490-us-xx&uuid=fd7e558f-6d3c-4e7e-609f-74aacf7c351b&dv3=fd7e558f-6d3c-4e7e-609f-74aacf7c351b  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=497&dv1=ad490-us&kw1=ad490-us-xx&uuid=a2a7e5dc-04e9-4340-6cc7-7965bacdb96a&dv3=a2a7e5dc-04e9-4340-6cc7-7965bacdb96a  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=497&dv1=ad490-us&kw1=ad490-us-xx&uuid=4f328473-b9cd-4038-77fc-27b9ee601e29&dv3=4f328473-b9cd-4038-77fc-27b9ee601e29  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=807&dv1=ad806-us&kw1=ad806-us-xx&uuid=5b245064-6e1c-4f13-44fb-86eb91a41a2a&dv3=5b245064-6e1c-4f13-44fb-86eb91a41a2a  (setup.exe)

1 / 68      (Malware)
http://www.worksdown.com/down/flash/.../down.php?sid=498&dv1=ad491-us&kw1=ad491-us-xx&uuid=c624a2a5-cf48-4afa-7375-e036a121d28d&dv3=c624a2a5-cf48-4afa-7375-e036a121d28d  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=807&dv1=ad806-us&kw1=ad806-us-xx&uuid=0be3f8cb-7abd-4d99-53d0-3b07073e2781&dv3=0be3f8cb-7abd-4d99-53d0-3b07073e2781  (setup.exe)

35 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=1122&dv1=ad1120-ca&kw1=ad1120-ca-qyc&uuid=47cccbcf-fa79-4bdb-6e64-4f529d67bfc0&dv3=47cccbcf-fa79-4bdb-6e64-4f529d67bfc0  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=1034&dv1=ad1032-us&kw1=ad1032-us-qyc&uuid=a863ede8-ce89-4aa2-7eae-8ac69516f97e&dv3=a863ede8-ce89-4aa2-7eae-8ac69516f97e  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=474621f5-4f1a-44d2-646b-9ddd275967fb&dv3=474621f5-4f1a-44d2-646b-9ddd275967fb  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=474621f5-4f1a-44d2-646b-9ddd275967fb&dv3=474621f5-4f1a-44d2-646b-9ddd275967fb  (setup.exe)

1 / 68      (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=474621f5-4f1a-44d2-646b-9ddd275967fb&dv3=474621f5-4f1a-44d2-646b-9ddd275967fb  (setup.exe)

32 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=3d652e64-1a26-45d6-747d-9905fd8c3b8e&dv3=3d652e64-1a26-45d6-747d-9905fd8c3b8e  (setup.exe)

32 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=3eac8963-9a5e-46f7-6e48-2a77421f4a77&dv3=3eac8963-9a5e-46f7-6e48-2a77421f4a77  (setup.exe)

35 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=1121&dv1=ad1119-ca&kw1=ad1119-ca&uuid=07eb7028-f3df-4d2a-7ca3-b40b58ed5ca9&dv3=07eb7028-f3df-4d2a-7ca3-b40b58ed5ca9  (setup.exe)

37 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=750&dv1=ad743-us&kw1=ad743-us-lm&uuid=0a9ee04e-f855-49fc-499b-dec752cfa054&dv3=0a9ee04e-f855-49fc-499b-dec752cfa054  (setup.exe)

34 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=498&dv1=ad491-us&kw1=ad491-us-xx&uuid=c908e1de-2d6d-4c06-419f-57f508c73aac&dv3=c908e1de-2d6d-4c06-419f-57f508c73aac  (setup.exe)

3 / 68      (PUP)
http://www.worksdown.com/down/flash/.../down.php?sid=751&dv1=ad744-us&kw1=ad744-us-lm&uuid=4315fbb5-7944-4a8c-65b8-1aa3d2594317&dv3=4315fbb5-7944-4a8c-65b8-1aa3d2594317  (setup.exe)

30 / 68    (Adware)
http://www.worksdown.com/down/flash/.../down.php?sid=402&dv1=ad396-ca&kw1=ad396-ca-xx&uuid=703e497c-6311-4b64-7983-a31f21369e2a&dv3=703e497c-6311-4b64-7983-a31f21369e2a  (setup.exe)

The following 230 files have been seen to comunicate with www.worksdown.com in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

TCP » 92.242.140.21:80
twitter.crx

TCP » 92.242.140.21:80
viewlater.crx

TCP » 92.242.140.21:80
rss.crx

TCP » 92.242.140.21:80
datapump.crx

 
Latest 20 of 230 files

URL:
http://www.worksdown.com/

Title:
“Loading”

Web server:
nginx/1.8.0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.