The domain direct.downthat.com is registered by proxy through GODADDY.COM, LLC and was originally registered in August 2014. The domain has been known to host and distribute adware and other potentially unwanted software. Its servers are located in Ashburn, Virginia, United States, on the Amazon Technologies Inc. network, and the domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrant: Domains By Proxy, LLC
Registrar: GODADDY.COM, LLC
Server location: Virginia, United States (US)
Create date: Sunday, August 24, 2014
Expires date: Wednesday, August 24, 2016
Updated date: Wednesday, April 22, 2015
ASN: AS14618 AMAZON-AES - Amazon.com, Inc.,US
Scanner detections:
Detections (100% detected)
| Scan engine | Details | Detections |
|---|---|---|
| ESET NOD32 | MSIL/Adware.Imali (variant), Win32/Adware.Imali (variant) | 100.00% |
| Avira AntiVirus | TR/Trash.Gen, TR/Dropper.MSIL.Gen, ADWARE/Adware.Gen7 | 100.00% |
| Baidu Antivirus | Adware.MSIL.Imali | 100.00% |
| IKARUS anti.virus | AdWare.MSIL.Imali | 100.00% |
| Kaspersky | not-a-virus:AdWare.MSIL.Agent, Trojan-Downloader.Win32.Genome, HEUR:Trojan-Downloader.Win32.Generic | 100.00% |
| avast! | MSIL:Downloader-NG [PUP], Win32:GenMaliciousA-FOI [Adw], Win32:Adware-gen [Adw] | 100.00% |
| G Data | MSIL.Adware.OfferInstaller, Application.Generic.1204413, Gen:Variant.Adware.Graftor.179625, Gen:Variant.Kazy.578645 | 100.00% |
| Fortinet FortiGate | Adware/Imali, Riskware/Imali, W32/Generic.B!tr.dldr | 100.00% |
| AVG | Downloader, Generic | 100.00% |
| Sophos | PUA 'Offer Installer', Generic PUA ML | 85.71% |
| VIPRE Antivirus | MSIL.Adware.Imali, Trojan.Win32.Generic, Threat.4150696 | 85.71% |
| Bitdefender | Application.Generic.1204413, Gen:Variant.Adware.Graftor.179625, Gen:Variant.Kazy.578645 | 85.71% |
| MicroWorld eScan | Application.Generic.1204413, Gen:Variant.Adware.Graftor.179625, Gen:Variant.Kazy.578645 | 71.43% |
| Malwarebytes | PUP.Optional.OfferInstaller.C | 71.43% |
| Lavasoft Ad-Aware | Application.Generic.1204413, Gen:Variant.Adware.Graftor.179625, Gen:Variant.Kazy.578645 | 71.43% |
The domain direct.downthat.com has been seen to resolve to the following IP address.
ec2-52-1-45-42.compute-1.amazonaws.com
January 3, 2016
File downloads found at URLs served by direct.downthat.com.
The following 1102 files have been seen to communicate with direct.downthat.com in live environments.
URL: http://direct.downthat.com/
Network: Amazon Web Services (AWS), running an EC2 instance