www.idownloadsnow.com

George Memphis

Domain Information

The domain www.idownloadsnow.com registered by George Memphis was initially registered in January of 2014 through WILD WEST DOMAINS, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
WILD WEST DOMAINS, LLC

Server location:
Virginia, United States (US)

Create date:
Thursday, January 09, 2014

Expires date:
Monday, January 09, 2017

Updated date:
Thursday, January 21, 2016

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc., US

Root domain:

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ZGameToolbarInstaller.VisicomMedia.M, PUP.DLSecureToolbarInstaller.VisicomMedia.P, (M), Win32.Generic, PUP.Visicom.VisicomM.Installer.Meta (M), PUP.Visicom (M)
92.31%

Trend Micro House Call
TROJ_GE.DAB0F271, TROJ_GEN.F47V1219, Suspicious_GEN.F47V1113, Suspicious_GEN.F47V1125, TROJ_GEN.R047H07BF15, Suspicious_GEN.F47V0302
46.15%

Dr.Web
Tool.InstallToolbar.129, Adware.Toolbar.272, Adware.Toolbar.283
46.15%

ESET NOD32
Win32/Toolbar.Visicom (variant), Win32/Toolbar.Visicom.A potentially unwanted (variant)
46.15%

McAfee
Artemis!00B6A8C35C6A, Artemis!407DF097C21F, Artemis!AB7A0A813215, Artemis!51720125B35F
30.77%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-PKR.O, Artemis
30.77%

Malwarebytes
PUP.Optional.DLSecure.A
30.77%

Agnitum Outpost
PUA.Toolbar.Visicom, PUA.Toolbar.Agent
23.08%

Fortinet FortiGate
Riskware/Visicom, Riskware/Agent
23.08%

K7 Gateway Antivirus
Trojan , DoS-Trojan
15.38%

K7 AntiVirus
Trojan , Unwanted-Program
15.38%

Sophos
Generic PUA CG, Generic PUA LM
15.38%

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
7.69%

Zillya! Antivirus
Adware.Agent.Win32.43878
7.69%

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
7.69%

The domain www.idownloadsnow.com has been seen to resolve to the following 8 IP addresses.

ec2-52-73-167-100.compute-1.amazonaws.com
August 20, 2016

ec2-52-7-27-12.compute-1.amazonaws.com
July 21, 2016

ec2-52-72-131-1.compute-1.amazonaws.com
June 29, 2016

ec2-52-7-31-45.compute-1.amazonaws.com
June 25, 2016

ec2-52-3-62-61.compute-1.amazonaws.com
June 4, 2016

ec2-54-173-46-97.compute-1.amazonaws.com
May 28, 2016

ec2-107-23-9-9.compute-1.amazonaws.com
February 26, 2016

May 31, 2014

File downloads found at URLs served by www.idownloadsnow.com.

1 / 68      (Adware)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.4.1.exe  (fd7969a5899f16d6beb0a36c3911efe2)

2 / 68      (Malware)

1 / 68      (Malware)

1 / 68      (Adware)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.4.1.exe  (55dcf411d41c15ec868897ea822aa5f3)

4 / 68      (PUP)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.1.2.exe  (8190a2b9da27b453f84789505d9f35f8)

1 / 68      (Adware)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.4.1.exe  (287ed3feac36e57f50690dc77e49c8af)

1 / 68      (Adware)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.1.5.exe  (a7d53882f1b292deda077eded29da722)

3 / 68      (inconclusive)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.1.5.exe  (957c4181a922b7405a0d92b794387572)

20 / 68    (PUP)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.4.1.exe  (51720125b35fc99fc54fe3d534326cf9)

9 / 68      (PUP)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.1.5.exe  (ab7a0a813215575d287c738ac8cc8a84)

4 / 68      (PUP)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.0.2.exe  (8fad8d914514025e79b99a7cc8e4bf60)

9 / 68      (PUP)
http://www.idownloadsnow.com/.../dlsecureTb_1.0.1.3.exe  (407df097c21f4b6f2bb63858f8562cd2)

9 / 68      (PUP)
http://www.idownloadsnow.com/.../z_downloader.exe  (00b6a8c35c6a868d53b29cfec94da42e)

URL:
http://www.idownloadsnow.com/

Title:
“#1 Search Engine - idownloadsnow”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.9.10 (PHP/5.5.9-1ubuntu4.14)

Facebook:
Shares:  1

Statistics are for the previous month.