files.downloadwizard.com

Download Manager  (via a Proxy Registrant)

Domain Information

The domain files.downloadwizard.com is registered by proxy through ENOM, INC. and was originally registered in April of 2000. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network. The domain is associated with the publisher Download Manager who is located in Victoria, British Columbia in Canada.
Registrar:
ENOM, INC.

Server location:
New York, United States (US)

Create date:
Wednesday, April 12, 2000

Expires date:
Wednesday, April 12, 2017

Updated date:
Monday, March 14, 2016

ASN:
AS14061 DIGITALOCEAN-ASN - Digital Ocean, Inc.

Root domain:

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DownloadManager.F, PUP.Installer.DownloadManager.N, PUP.Installer.DownloadManager.a, PUP.Installer.InstallManager.T, PUP.Installer.InstallManager.L, PUP.Installer.DownloadManager.O, PUP.Installer.Air Software, PUP.Air Software.DownloadManager.Bundler (M), PUP.Air Software.Download.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Air Software (M)
97.87%

Malwarebytes
PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller, PUP.Optional.InstallManager
70.21%

Dr.Web
Trojan.SMSSend.4902, Trojan.SMSSend.4766, Trojan.SMSSend.4733, Trojan.SMSSend.4790, Trojan.SMSSend.5404, Trojan.SMSSend.5407
70.21%

VIPRE Antivirus
Iminent, Threat.5061940, Threat.4784938, Threat.4150696
70.21%

Avira AntiVirus
ADWARE/Adware.Gen
70.21%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
70.21%

AVG
BundleApp_r.D, Adware BundleApp_r.D, Generic, Adware BundleApp.DN, Adware Generic_r.JF
70.21%

avast!
Win32:Malware-gen, Win32:Installer-L [PUP], PUP-gen [PUP], Adware-gen [Adw], Win32:Adware-BZI [PUP], Win32:Adware-gen [Adw]
68.09%

K7 Gateway Antivirus
Unwanted-Program
65.96%

K7 AntiVirus
Unwanted-Program , Adware
65.96%

ESET NOD32
Win32/AirAdInstaller (variant)
51.06%

Vba32 AntiVirus
AdWare.AirAdInstaller, AdWare.AirAdInstaller.ajov, AdWare.AirAdInstaller.aimu
44.68%

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cxhlvu, Riskware.Win32.Downware.cwaprw, Riskware.Win32.AirAdInstaller.cwbyev, Riskware.Win32.AirAdInstaller.cwbkkg
42.55%

IKARUS anti.virus
AdWare.AdWare.Gen7, AdWare.Airinstall, Win32.AdWare, Win32.Malware, AdWare.AirAdInstaller, PUA.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller
42.55%

Sophos
AirInstaller
40.43%

The domain files.downloadwizard.com has been seen to resolve to the following 7 IP addresses.

108.168.218.35-static.reverse.softlayer.com
October 24, 2014

justice.airinstaller.com
September 5, 2014

empire.airinstaller.com
May 30, 2014

uswestmeganode1.airinstaller.com
April 13, 2014

173.192.195.226-static.reverse.softlayer.com
April 13, 2014

chicago.airinstaller.com
April 13, 2014

108.168.218.34-static.reverse.softlayer.com
April 11, 2014

File downloads found at URLs served by files.downloadwizard.com.

 
Latest 30 of 55 download URLs

The following file have been seen to comunicate with files.downloadwizard.com in live environments.