files5.getgimp.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain files5.getgimp.com is registered by proxy through GODADDY.COM, LLC and was originally registered in September 2010. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dallas, Texas, United States, on the SoftLayer Technologies Inc. network.

Registrar: GODADDY.COM, LLC

Server location: Texas, United States (US)

Create date: Wednesday, September 22, 2010

Expires date: Thursday, September 22, 2016

Updated date: Wednesday, September 23, 2015

ASN: AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Root domain:

Scanner detections:
Detections  (96% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.DownloadAdmin.K, PUP.DownloadAdmin.Bundler.Installer.Meta (M), PUP.Tightrope.DownloadAdmin.Bundler (M), PUP.Tightrope.Zoobam.Bundler (M), PUP.Tightrope.Download.Bundler (M) | 84.00% |
| NANO AntiVirus | Trojan.Win32.Downware.crgjbr, Riskware.Win32.Downware.crgjbr, Riskware.Win32.Downware.djahkt, Trojan.Win32.Agent.dtlegd | 24.00% |
| Dr.Web | Adware.Downware.2220, Trojan.Vittalia.81 | 24.00% |
| VIPRE Antivirus | DownloadAdmin, Threat.4783369 | 20.00% |
| Sophos | Download Admin, PUA 'DownloadAdmin' (of type Adware) | 20.00% |
| herdProtect (fuzzy) | a variant of b285913c2bf0813aee44fa6899961b3d37089961, a variant of cacaf219425f86d5abc5f8439c35d96304d2a659, a variant of 56a863b98b693e9a27afcc43827ca9fd0078625b | 16.00% |
| Malwarebytes | PUP.Optional.DownloadAdmin | 16.00% |
| Kingsoft AntiVirus | Win32.Troj.Generic.a.(kcloud) | 12.00% |
| ESET NOD32 | Win32/DownloadAdmin | 12.00% |
| ESET NOD32 | Win32/DownloadAdmin.G potentially unwanted application, Win32/DownloadAdmin.H potentially unwanted application | 12.00% |
| K7 Gateway Antivirus | Unwanted-Program, Adware | 12.00% |
| K7 AntiVirus | Unwanted-Program, Adware | 12.00% |
| Comodo Security | Application.Win32.DownloadAdmin.TTK, Application.Win32.DownloadAdmin.ANGL | 8.00% |
| avast! | Adware-OH [Adw], Malware-gen | 8.00% |
| F-Secure | Adware:W32/WebInstallBundle | 8.00% |

The domain files5.getgimp.com has been seen to resolve to the following 4 IP addresses.

50.22.63.140-static.reverse.softlayer.com
December 1, 2014

50.22.63.138-static.reverse.softlayer.com
December 1, 2014

108.168.160.45-static.reverse.softlayer.com
April 30, 2014

50.97.63.217-static.reverse.softlayer.com
April 30, 2014

File downloads found at URLs served by files5.getgimp.com.

10 / 68    (PUP)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

9 / 68      (PUP)

13 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

10 / 68    (Adware)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (Adware)

9 / 68      (PUP)

1 / 68      (Adware)

The following 236 files have been seen to communicate with files5.getgimp.com in live environments.

 
Latest 20 of 319 files