home

files.downloadwizard.com

Download Manager  (via a Proxy Registrant)

Domain Information

The domain files.downloadwizard.com is registered by proxy through ENOM, INC. and was originally registered in April of 2000. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the Digital Ocean, Inc. network. The domain is associated with the publisher Download Manager who is located in Victoria, British Columbia in Canada.
Registrar:
ENOM, INC.

Server location:
New York, United States (US)

Create date:
Wednesday, April 12, 2000

Expires date:
Wednesday, April 12, 2017

Updated date:
Monday, March 14, 2016

ASN:
AS14061 DIGITALOCEAN-ASN - Digital Ocean, Inc.

Root domain:
downloadwizard.com

Whois:
3 downloadwizard.com records

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DownloadManager.F, PUP.Installer.DownloadManager.N, PUP.Installer.DownloadManager.a, PUP.Installer.InstallManager.T, PUP.Installer.InstallManager.L, PUP.Installer.DownloadManager.O, PUP.Installer.Air Software, PUP.Air Software.DownloadManager.Bundler (M), PUP.Air Software.Download.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Air Software (M)
97.87%

Malwarebytes
PUP.Optional.AirAdInstaller, PUP.Optional.AirInstaller, PUP.Optional.InstallManager
70.21%

Dr.Web
Trojan.SMSSend.4902, Trojan.SMSSend.4766, Trojan.SMSSend.4733, Trojan.SMSSend.4790, Trojan.SMSSend.5404, Trojan.SMSSend.5407
70.21%

VIPRE Antivirus
Iminent, Threat.5061940, Threat.4784938, Threat.4150696
70.21%

Avira AntiVirus
ADWARE/Adware.Gen
70.21%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
70.21%

AVG
BundleApp_r.D, Adware BundleApp_r.D, Generic, Adware BundleApp.DN, Adware Generic_r.JF
70.21%

avast!
Win32:Malware-gen, Win32:Installer-L [PUP], PUP-gen [PUP], Adware-gen [Adw], Win32:Adware-BZI [PUP], Win32:Adware-gen [Adw]
68.09%

K7 AntiVirus
Unwanted-Program , Adware
65.96%

ESET NOD32
Win32/AirAdInstaller (variant)
51.06%

Vba32 AntiVirus
AdWare.AirAdInstaller, AdWare.AirAdInstaller.ajov, AdWare.AirAdInstaller.aimu
44.68%

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cxhlvu, Riskware.Win32.Downware.cwaprw, Riskware.Win32.AirAdInstaller.cwbyev, Riskware.Win32.AirAdInstaller.cwbkkg
42.55%

IKARUS anti.virus
AdWare.AdWare.Gen7, AdWare.Airinstall, Win32.AdWare, Win32.Malware, AdWare.AirAdInstaller, PUA.AirAdInstaller, not-a-virus:AdWare.AirAdInstaller
42.55%

Sophos
AirInstaller
40.43%

F-Prot
W32/AirInstall.A.gen, W32/AirInstall.A8.gen, W32/A-8c0ea402, W32/A-6bcf410b, W32/A-a547d746, W32/A-a607985a
36.17%

The domain files.downloadwizard.com has been seen to resolve to the following 7 IP addresses.

108.168.218.35
108.168.218.35-static.reverse.softlayer.com
October 24, 2014

192.241.139.115
justice.airinstaller.com
September 5, 2014

162.243.2.91
empire.airinstaller.com
May 30, 2014

192.241.237.97
uswestmeganode1.airinstaller.com
April 13, 2014

173.192.195.226
173.192.195.226-static.reverse.softlayer.com
April 13, 2014

184.154.116.114
chicago.airinstaller.com
April 13, 2014

108.168.218.34
108.168.218.34-static.reverse.softlayer.com
April 11, 2014

File downloads found at URLs served by files.downloadwizard.com.

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/e2s0e2d1/?d=http://www.downloadwizard.com/redirect_idm_us_live.php&key=2cb4540a13f9b9a27e63e623ef17f43b1a5a5a025699207b9375efbddb32c7f1&sid=idm-us&uid=&affiliate_image=&product_image=http://www.downloadwizard.com/.../logo_idm_live.jpg&n=Internet Download Manager&filename=downloadmanager  (downloadmanager.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/e2s0e2d1/?d=http://www.downloadwizard.com/redirect_google_chrome_us_live.php&key=1f0469cbb140bfec791ae538b03dd3b0ac6a3d2eb8bea1b2e899afd9c52d5e51&sid=chrome-us&uid=&affiliate_image=&product_image=http://www.downloadwizard.com/.../logo_googlechrome_live.jpg&n=Google Chrome&filename=ChromeSetup  (chromesetup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/he9ahhcl/?d=http://www.downloadwizard.com/redirect_google_chrome_au_live.php&key=26edfda8e2caf915a21cd6cb7a8e7f6a44fb2af9021445fc43a21812c4cbd4ea&sid=chrome-au&uid=&affiliate_image=&product_image=http://www.downloadwizard.com/.../logo_googlechrome_live.jpg&n=Google Chrome&filename=ChromeSetup  (chromesetup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=testmine&uid=44835576&filename=ChromeSetup  (chromesetup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=42729271&filename=Minecraft.exe  (minecraft.exe.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=48477414&filename=install_reader  (install_reader.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45795475&filename=iTunes64Setup  (itunes64setup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=42593760&filename=Minecraft.exe  (minecraft.exe.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=38375395&filename=ChromeSetup  (chromesetup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=42540937&filename=Firefox_Setup  (firefox_setup.exe)

0 / 68
http://files.downloadwizard.com/get/click/14w94crr/?d=http://www.downloadwizard.com/redirect_google_chrome_ca_live.php&key=7e92e2d5b8ea535f3bc2fbe1993f51414bfede12e0ada272796049f3b8471f79&sid=chrome-ca&uid=&affiliate_image=&product_image=http://www.downloadwizard.com/.../logo_googlechrome_live.jpg&n=Google Chrome&filename=ChromeSetup  (chromesetup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=&filename=Firefox_Setup  (firefox_setup.exe)

0 / 68
http://files.downloadwizard.com/get/click/cu8h6gw3/?d=http://www.downloadwizard.com/redirect_google_chrome_uk_live.php&key=ded41b533deb550309493dff7964a8a8dd4b823e3df965d0704ff85be782e6d6&sid=chrome-uk&uid=&affiliate_image=&product_image=http://www.downloadwizard.com/.../logo_googlechrome_live.jpg&n=Google Chrome&filename=ChromeSetup  (chromesetup.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45771533&filename=Firefox_Setup  (8885ff37.exe)

1 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=42844226&filename=install_reader  (install_reader.exe)

22 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=47009799&filename=install_reader  (install_reader.exe)

26 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=48179311&filename=install_flashplayer  (install_flashplayer.exe)

32 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45815229&filename=Firefox_Setup  (firefox_setup.exe)

32 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=48405970&filename=jxpiinstall  (jxpiinstall.exe)

20 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=46667682&filename=FreeYouTubeDownloaderInstallerIC  (freeyoutubedownloaderinstalleric.exe)

22 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45344876&filename=Firefox_Setup  (firefox_setup.exe)

22 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45323599&filename=Firefox_Setup  (firefox_setup.exe)

30 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=43490463&filename=install_flashplayer  (setup.exe)

10 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=46281302&filename=avg_free  (setup.exe)

10 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45825430&filename=avg_free  (setup.exe)

10 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=44525972&filename=avg_free  (setup.exe)

10 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=46550374&filename=avast_free_antivirus_setup  (setup.exe)

9 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=46361424&filename=wrar  (setup.exe)

9 / 68      (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=45332265&filename=wrar  (setup.exe)

10 / 68    (Adware)
http://files.downloadwizard.com/get/click/.../?sid=ppc&uid=44964607&filename=avast_free_antivirus_setup  (setup.exe)

 
Latest 30 of 55 download URLs

The following file have been seen to comunicate with files.downloadwizard.com in live environments.

TCP » 108.168.218.34:80
15ba9f94.exe (Google Talk by AirInstaller)

downloadd.org

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.