home

www.downanapp.com

imali media n.i ltd

Domain Information

The domain www.downanapp.com registered by imali media n.i ltd was initially registered in August of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Sunday, August 24, 2014

Expires date:
Wednesday, August 24, 2016

Updated date:
Tuesday, June 9, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:
downanapp.com

Whois:
2 downanapp.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (93% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Stepitapp.F, PUP.Installer.IMALINIMEDIA, PUP.IMALINIMEDIA, PUP.Stepitapp, Threat.Win.Reputation.IMP, PUP.IMALI.IMALINIMEDIA, PUP.IMALI.IMALINIMEDIA.Installer (M), PUP.IMALI.IMALINIM.Installer (M), PUP.InstallCore.FC.Installer (M), PUP.Systweak.TUNEUPPR.Installer.Meta (L), PUP.Downloadius.Software.Installer (M), PUP.Softpulse.SmartSec.Bundler (M), PUP.Softpulse (M), PUP.AdGazelle (M)
96.43%

avast!
Win32:Dropper-gen [Drp], Win32:Malware-gen, Win32:Rootkit-gen [Rtk], Win32:Trojan-gen, Win32:Evo-gen [Susp]
64.29%

Avira AntiVirus
TR/Dldr.Agent.216048, TR/Dldr.Agent.215952, TR/Dldr.Agent.210832, TR/Dldr.Agent.265104, TR/Dldr.Agent.272784, TR/Dldr.Agent.272272
64.29%

McAfee
Artemis!F4CD8201B97A, Artemis!9D54F21747B3, Artemis!AED39EECB67B, Artemis!2F472C9F080A, Artemis!E9938724CFD2, Artemis!DC365FC18033
60.71%

Trend Micro House Call
Suspicious_GEN.F47V1219, Suspicious_GEN.F47V1213, Suspicious_GEN.F47V1214, Suspicious_GEN.F47V1230, Suspicious_GEN.F47V0107, Suspicious_GEN.F47V0203
57.14%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
57.14%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
50.00%

Sophos
Generic PUA OF, Generic PUA LN, Generic PUA OH, Generic PUA NC, Generic PUA LB, Generic PUA EK
42.86%

K7 AntiVirus
Unwanted-Program , Riskware , Adware
42.86%

ESET NOD32
Win32/Downloader.Agent.AI (variant), Win32/Adware.Imali (variant)
39.29%

AVG
Generic, Adware Generic6
35.71%

Kaspersky
UDS:DangerousObject.Multi.Generic
25.00%

Fortinet FortiGate
Riskware/Downloader_Agent, Riskware/Imali
25.00%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen, Win32/RootKit.Rootkit.7e5, Win32/Trojan.eaa, Win32/Trojan.0a7, Win32/Trojan.522
25.00%

G Data
Trojan.Generic.12708105, Win32.Trojan.Agent.NDE4LL, Rootkit.72610, Trojan.Generic.12606400, Gen:Variant.Zusy.128984
25.00%

The domain www.downanapp.com has been seen to resolve to the following 3 IP addresses.

50.63.202.65
ip-50-63-202-65.ip.secureserver.net
August 30, 2016

52.1.45.42
ec2-52-1-45-42.compute-1.amazonaws.com
June 19, 2015

108.59.81.209
209.81.59.108.bc.googleusercontent.com
January 11, 2015

File downloads found at URLs served by www.downanapp.com.

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_lax1CMTrqtaUpKOhVxACGM-5t5HrnczbKCINNzAuNDUuMjI1LjExMigBMK2B66UF&pub_id=337&template=lp  (setup.exe)

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_fra1CIiIxLGep5rneBACGPiEzPbX98G8ViIPMTA5LjE5Ni4xOTIuMTM1KAEwpsOgpQU.&pub_id=337&template=lp  (setup.exe)

26 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=6095469491425008964&pub_id=303&template=lp  (Setup.exe)

27 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=u4f2ad6b154c04d0e3941c7b5a8&pub_id=303&template=lp  (לא מאושר 268068.crdownload)

1 / 68      (PUP)
http://www.downanapp.com/.../300?sub_id=apn630_fra1CNPLstq6pPXmPBACGMTBqZzM1-K6KiIOODUuMTg2LjEyNy4xNTMoATC5raWlBQ..&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_ams1CLjf39WqwdGdDRACGKDH7r_4is-tJyIPMjEzLjE0OS4xNTcuMTIyKAEwxZiBpQU.&pub_id=337&template=lp  (setup.exe)

14 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=31782309731423573122&pub_id=303&template=lp  (Setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_fra1CNSmqdmX7K2oOBACGO2q-sDZ6bGNLCIPMTkzLjEwNi4xNTUuMTQyKAEwgOSApQU.&pub_id=337&template=lp  (setup.exe)

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_sin1CNf0n9WIidKKPBACGKPgi_bS95PwQCINMTI0LjgyLjIxLjIxNygBMMzc-KUF&pub_id=337&template=lp  (setup.exe)

20 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=ubec62c8a544925b47a3af0d2d9&pub_id=303&template=lp  (sin confirmar 641022.crdownload)

18 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_ams1CNvP2d_w-NeSFBACGIi83fWf4r3tLCINNzkuMTc2LjQyLjE0NigBMODAmaYF&pub_id=337&template=lp  (setup.exe)

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_sin1CLbS6p6h7emdcRACGJPjvYP3xIideyIOMTIyLjE2Ny4xMDcuNjMoATCOx5WlBQ..&pub_id=337&template=lp  (setup.exe)

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_lax1CIizksuNkOTOBBACGP7AxKfkxfrELyIMMTg5LjE5Mi44LjgwKAEw2MT8pQU.&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_ams1CKirh8Ke8dbOXhACGMeY8N65xpaODyIMODQuMS4xMTEuMTAyKAEw07KKpQU.&pub_id=337&template=lp  (setup.exe)

2 / 68      (false positives)
http://www.downanapp.com/.../300?sub_id=adk2_QA7iwwc_f9HYntsuYsMPyeEBJY1WvDt88dGO8M2C-mc0qviwjh7EN_xMKPNltyNyjENglOR1XLcgwfK8dVlHpxS5KRY4MzzEeQLy8xwGVhq6m9cM3QJx6O3QW4Xvik2LF_DoWWd2uQmR1452LLsJOQWWi_2t9cZUPgXOCxNIl3FLIHZno7dTUWIQoSj0-3U3VP3HxKAbCZlJokMiKjtbNWgB7e5lV1tj68jFxD_EF2Hj4RBZWqUk6QEoTQyTzLbH_CuDbpenVUP5r4gt812ivKbu6mMGCuYUi2A7dzdXa-TXE5Hh2L25pIjjApWI_CUnpEz9T4GyUqmNlOFX-sfDw4uKG9atbpAvY71vqsTzDC99GDyeTn2CfZ0w5_bEGusAxLaufB_V0VfGtePj3McIGrcJ3Y-GK30WIZLJ4J8FLNRRgQ&pub_id=334&template=lp4  (wrar420.exe)

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_sin1CP2Wm9WQoc7jHBACGL2hicrJltbedyINNDkuMTQ0LjE4Ny42OCgBMMzw_aUF&pub_id=337&template=lp  (setup.exe)

22 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_fra1CJnV07iIouDeTBACGM3R36WRj5jIDCINNDEuMTg1LjQyLjE3OCgBMJ-51KUF&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_fra1CM7r_vTCvJSfJRACGPew5Or0i-KAHCINODQuMTA4LjEzMS4xOCgBMITWz6QF&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=jSSgV_PUYg2-EcORwYDskbh8REOnBCpqWeVslJjkKenR1wq5j0cKQx3__do4IhT9OYx1Ad30EG2din__zqCId--0t3AZLS2uca1pu_dHj7YG1lqrZj7IE-St_xhasBiZK_LqB9YmgJx2Zb5yjkSMBEn_sDXfrr8eblQAvbyfXAu6WYHIbAib-e5JVYF3Y-zKz2JLFGi1uc0_HRtUvm0f-84i7LWPRqo_982i0-0PibIoZsQHABoPGq4w656vXm3ACgamQzg1rTJa_4GGRjb8Wc1SXpuo4pBFyYqgbLXKic6ai03u6mlb9dDL5RukXeTwN8niuFbd9O5f9OHJQGaRI0jpR7F3BDDMdk6tsk9in3anyhgJ6jkXfKdtCTth5LIbbA3iri3Dq6rUtc6f33ctA5E63QisE2GdSiE4F5hlpKBt&pub_id=300&template=lp4  (setup.exe)

14 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=u4f0dff3354bad49e6b46cfde71&pub_id=303&template=lp  (לא מאושר 1593.crdownload)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_sin1CJfimqWyhrmsbhACGLa04f7Kva-JayIMNzkuMTcwLjU0LjU5KAEwg9XLpAU.&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=u5ea5b80b548ad29c44c485b5dc&pub_id=303&template=lp  (bht4pl1b.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_ams1CIX1g6ON2oGsdBACGOaFxMHrrsgzIg04OS42OS4xMjkuMjUyKAEwttjapAU.&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_nym1CJm_ma7esLK4HBACGJ2AtKihqtSmBCIMNzIuMjIuMTU1LjE0KAEw1eGMpQU.&pub_id=337&template=lp  (setup.exe)

13 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_nym1CIPT9qG3o4b-XhACGPb3iajK2KPnYSINMTA4LjY5LjQxLjExNigBMI23qKUF&pub_id=337&template=lp  (setup.exe)

1 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=16978786901419237994&pub_id=303&template=lp5  (setup.exe)

22 / 68    (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_fra1CKuf8sT_7ZayVxACGJ_SrJLBsd__SCIOMzEuMTY4LjE2NC4yMDYoATCC29elBQ..&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=apn630_nym1CKOiv83C_Y_vOBACGJ_l4ZD265atRCILOTkuNzIuMTczLjEoATDxjIClBQ..&pub_id=337&template=lp  (setup.exe)

9 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=adk2_yqikArPsODiJiduiuhuQl3HvwlkCwME0Qdr_xPEP6P6qr-ZKCsPT-7kbqVYc8cwPBQSvS13e8-Yj9fSAVtrCPTJAJCqtErSutFbIbGubJa8bACM7ErMr5KnoAbjX-V_TGSefZmRtUJiEuo97xBpK24FG_yjMXLQAu4sT_J0ihCOQ_tpTV0LVowAltzDpE393egmGYj5jqGyHEQjFVKGY-kTOPdv8aBgJQuLrwvyC6IftwknTaawYS_bg4RkBQuRLZote9A7tZZydYkYOk8D5i3RnfrC0WARiCIvk2Pavb9lrNS-kIqoFbk0-IUQrRQ5tP3zi-d3h4q1te05dtHHY5_8wA4o4TwFiMn1iKR4tPtlIl7ulp5d6c2weAwjPcd2_IRO2-rPjzU_Cn2cmdubxmq8R0HayIjRirdzGHets&pub_id=334&template=lp  (setup.exe)

8 / 68      (Adware)
http://www.downanapp.com/.../300?sub_id=14402238701420698439&pub_id=303&template=lp  (Setup.exe)

 
Latest 30 of 135 download URLs

The following 1133 files have been seen to comunicate with www.downanapp.com in live environments.

TCP » 108.59.81.209:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.1.45.42:80
nsh379f.tmp

TCP » 52.1.45.42:80
fsd814a.exe (Installer)

TCP » 52.1.45.42:80
syk160.exe (SilentInstaller)

TCP » 52.1.45.42:80
fsd57e.exe (Installer)

TCP » 108.59.81.209:80
jingling.exe

TCP » 108.59.81.209:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.59.81.209:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.59.81.209:80
jingling.exe

TCP » 108.59.81.209:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.1.45.42:80
sykc278.exe (SilentInstaller)

TCP » 52.1.45.42:80
dbupdater.exe

TCP » 52.1.45.42:80
dbupdater.exe

TCP » 52.1.45.42:80
dbupdater.exe

TCP » 52.1.45.42:80
dbupdater.exe

TCP » 52.1.45.42:80
SilentInstaller_dotnet4.exe (sol0506)

TCP » 52.1.45.42:80
dbupdater.exe

TCP » 52.1.45.42:80
adv_154.exe (chromium-installer-sharp)

TCP » 108.59.81.209:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 108.59.81.209:80
browserair.exe (BrowserAir by Goobzo)

 
Latest 20 of 1,158 files

URL:
http://www.downanapp.com/

Title:
“Downanapp”

Web server:
nginx

Facebook:
Shares:  5

Statistics are for the previous month.

classicvideoplayer.com

downthat.com

fastmediaplayer.net

freemediaplayer.tv

iqabrowser.com

onthesoft.com

playmediaforfree.com

redirectos.com

socialnewtabs.com

winrepairpro.com

adskdoom.info

downc468.com

flashplayerkur.com

iptvlive.org

track342ut.com

coolplayer.info

coolplayer2.info

coolplayerpremium.info

djapp.info

freemediplayer.info

mediplayer.co

sudokuplayer.info

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.