download.mipony.net

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain download.mipony.net is registered by proxy through GODADDY.COM, LLC and was originally registered in October of 2009. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dusseldorf, Nordrhein-Westfalen, Germany, on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Nordrhein-Westfalen, Germany (DE)

Create date:
Saturday, October 10, 2009

Expires date:
Monday, October 10, 2016

Updated date:
Tuesday, October 06, 2015

ASN:
AS24961 MYLOC-AS myLoc managed IT AG

Root domain:

Scanner detections:
Detections  (55% detected)

| Scan engine | Details | Detection rate |
| --- | --- | --- |
| ESET NOD32 | Win32/InstallCore.CF (variant), Win32/InstallCore.BY (variant), Win32/InstallCore.IJ (variant), Win32/InstallCore.JE.gen (variant), Win32/InstallCore.PZ (variant), Win32/InstallCore.WX potentially unwanted (variant) | 66.67% |
| Dr.Web | Trojan.Packed.24524, Adware.InstallCore.124, Adware.Downware.908, Trojan.DownLoader9.402, Trojan.Packed.24141, Trojan.MulDrop5.10078, Trojan.Packed.25266, Trojan.Siggen6.33552 | 63.64% |
| Reason Heuristics | PUP.ISfreemium.Q, PUP.ExtendedSetup.Q, PUP.WorldSetup.CC, PUP.WorldSetup.Q, PUP.Optional.MaxSetup.Q, PUP.MaxSetup.Q, PUP.STMSetup.Q, PUP.InstallCore.11 (M) | 45.45% |
| Fortinet FortiGate | Riskware/InstallCoreDL, Riskware/InstallCore_JE, W32/Kryptik.BVVE!tr, W32/Toolbar.BABYLON, W32/Toggle, Riskware/Babylon | 39.39% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h, TrojanDownloader.Genome, Downware.InstallCore, Trojan.Vilsel | 36.36% |
| VIPRE Antivirus | InstallCore, Trojan.Win32.Generic, Babylon, Conduit | 33.33% |
| Trend Micro House Call | TROJ_GEN.F47V1121, TROJ_SPNR.0CFD13, TROJ_GEN.F47V0801, TROJ_GEN.F47V0214, TROJ_GEN.F47V0224, TROJ_GEN.F47V0317, TROJ_GEN.F47V0417, Suspicious_GEN.F47V0625, Suspicious_GEN.F47V0122 | 30.30% |
| Baidu Antivirus | Adware.Win32.InstallCore, Adware.Win32.Bbylon, Adware.Win32.BrowseFox | 30.30% |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594, NS:Malware.Install!1.9F62, PE:Malware.InstallCore!6.4, PE:Trojan.Win32.Generic.16F55F76!385179510 | 27.27% |
| K7 Gateway Antivirus | Trojan, Unwanted-Program | 24.24% |
| McAfee Web Gateway | Artemis!1571F79C4CF6, Artemis!7F471A167033, Artemis!D5463C1170FA, Artemis!D2516C85D562, Artemis!3B0F525C9E47, Artemis!4279176CAFE4, BehavesLike.Win32.BadFile.jc | 24.24% |
| Avira AntiVirus | APPL/InstallCore.AT.13, APPL/InstallCore.Y.56, ADWARE/InstallCore.Gen7 | 21.21% |
| K7 AntiVirus | Trojan, Unwanted-Program | 21.21% |
| McAfee | Artemis!1571F79C4CF6, Artemis!7F471A167033, Artemis!D5463C1170FA, Artemis!D2516C85D562, Artemis!3B0F525C9E47, Artemis!4279176CAFE4 | 21.21% |
| Sophos | Install Core Click run software, Mal/Generic-S | 18.18% |

The domain download.mipony.net has been seen to resolve to the following 2 IP addresses.

166.ip-164-132-99.eu
March 3, 2016

o031.orange.fastwebserver.de
December 28, 2013

File downloads found at URLs served by download.mipony.net.

0 / 68

0 / 68
http://download.mipony.net/.../Mipony-Installer.exe  (228c11e07066b17e506db1632934d95b)

0 / 68
http://download.mipony.net/downloads/.../Mipony-Installer-es.dmg  (0b59a648-b057-b877-01d9-9b9fc98d081a_1d1bae71a6bc7f6)

The following 12 files have been seen to communicate with download.mipony.net in live environments.

URL:
http://download.mipony.net/

Web server:
nginx/1.6.2 (Ubuntu)

Facebook:
Shares:  1

Statistics are for the previous month.