www.downanapp.com

imali media n.i ltd

Domain Information

The domain www.downanapp.com registered by imali media n.i ltd was initially registered in August of 2014 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Sunday, August 24, 2014

Expires date:
Wednesday, August 24, 2016

Updated date:
Tuesday, June 09, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (93% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Stepitapp.F, PUP.Installer.IMALINIMEDIA, PUP.IMALINIMEDIA, PUP.Stepitapp, Threat.Win.Reputation.IMP, PUP.IMALI.IMALINIMEDIA, PUP.IMALI.IMALINIMEDIA.Installer (M), PUP.IMALI.IMALINIM.Installer (M), PUP.InstallCore.FC.Installer (M), PUP.Systweak.TUNEUPPR.Installer.Meta (L), PUP.Downloadius.Software.Installer (M), PUP.Softpulse.SmartSec.Bundler (M), PUP.Softpulse (M), PUP.AdGazelle (M)
96.43%

avast!
Win32:Dropper-gen [Drp], Win32:Malware-gen, Win32:Rootkit-gen [Rtk], Win32:Trojan-gen, Win32:Evo-gen [Susp]
64.29%

Avira AntiVirus
TR/Dldr.Agent.216048, TR/Dldr.Agent.215952, TR/Dldr.Agent.210832, TR/Dldr.Agent.265104, TR/Dldr.Agent.272784, TR/Dldr.Agent.272272
64.29%

McAfee Web Gateway
BehavesLike.Win32.BadFile.dh, BehavesLike.Win32.Downloader.dh, Artemis!Trojan, Artemis!PUP
60.71%

McAfee
Artemis!F4CD8201B97A, Artemis!9D54F21747B3, Artemis!AED39EECB67B, Artemis!2F472C9F080A, Artemis!E9938724CFD2, Artemis!DC365FC18033
60.71%

Trend Micro House Call
Suspicious_GEN.F47V1219, Suspicious_GEN.F47V1213, Suspicious_GEN.F47V1214, Suspicious_GEN.F47V1230, Suspicious_GEN.F47V0107, Suspicious_GEN.F47V0203
57.14%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
57.14%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
50.00%

K7 Gateway Antivirus
DoS-Trojan , Unwanted-Program , Riskware , Trojan-Downloader , Adware
46.43%

Sophos
Generic PUA OF, Generic PUA LN, Generic PUA OH, Generic PUA NC, Generic PUA LB, Generic PUA EK
42.86%

K7 AntiVirus
Unwanted-Program , Riskware , Adware
42.86%

ESET NOD32
Win32/Downloader.Agent.AI (variant), Win32/Adware.Imali (variant)
39.29%

AVG
Generic, Adware Generic6
35.71%

Kaspersky
UDS:DangerousObject.Multi.Generic
25.00%

Fortinet FortiGate
Riskware/Downloader_Agent, Riskware/Imali
25.00%

The domain www.downanapp.com has been seen to resolve to the following 3 IP addresses.

ip-50-63-202-65.ip.secureserver.net
August 30, 2016

ec2-52-1-45-42.compute-1.amazonaws.com
June 19, 2015

209.81.59.108.bc.googleusercontent.com
January 11, 2015

File downloads found at URLs served by www.downanapp.com.

31 / 68    (Adware)

22 / 68    (Adware)

16 / 68    (Adware)

 
Latest 30 of 135 download URLs

The following 1133 files have been seen to comunicate with www.downanapp.com in live environments.

 
Latest 20 of 1,158 files

URL:
http://www.downanapp.com/

Title:
“Downanapp”

Web server:
nginx

Facebook:
Shares:  5

Statistics are for the previous month.