The domain i1.megagetnews.net is registered by proxy through NAME.COM, INC. and was originally registered in March of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Manassas, Virginia, United States, on the Leaseweb USA, Inc. network.
Registrant: Whois Privacy Protection Service, Inc.
Server location: Virginia, United States (US)
Create date: Thursday, March 27, 2014
Expires date: Friday, March 27, 2015
Updated date: Saturday, May 10, 2014
Scanner detections:
Detections (100% detected)
| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.EliDahan.J, PUP.EZDownloader.Installer.M, Unnamed.Threat.75, Threat.Win.Reputation, Adware.SInstaller.I, Threat.Win.Reputation.IMP, PUP.SkytouchTechnologyCoLimited.O | 88.89% |
| Trend Micro House Call | ADW_EMOTICONS, TROJ_GEN.F47V0611, TROJ_SPNR.29L213, TROJ_GEN.R03WB01C614, TROJ_GEN.F47V0130, TROJ_GEN.F47V0606 | 66.67% |
| Dr.Web | Trojan.DownLoad3.30962, Trojan.Searcher.1197, Adware.Mutabaha.42, Adware.Mutabaha.53, Trojan.WebPick.35 | 55.56% |
| ESET NOD32 | Win32/TrojanDownloader.Agent.AFD (variant), Win32/Duckegg, Win32/SProtector (variant), Win32/ELEX, Win32/ELEX.AJ (variant) | 55.56% |
| Baidu Antivirus | Trojan.Win32.Agent, Trojan.Win32.Duckegg, Trojan.Win32.SProtector, Adware.Win32.ELEX | 55.56% |
| Bkav FE | W32.Cloddb2.Trojan, W32.Clodd3f.Trojan, HW32.Stranacty | 44.44% |
| avast! | Win32:Adware-AYT [PUP], Win32:SProtector-G [PUP], Win32:Malware-gen, Win32:Patched-JI | 44.44% |
| Malwarebytes | PUP.Optional.EZDownloader.A, PUP.Optional.MultiPlug.A, Trojan.SProtector, PUP.Optional.SkyTech.A | 44.44% |
| McAfee | Artemis!1D283DD3AE23, Generic-FAOD!23912DF27A61, Artemis!9CDEAD920A06, Trojan.Generic-FAOD!23912DF27A61 | 44.44% |
| Fortinet FortiGate | W32/Agent.AFD!tr.dldr, W32/Agent.AEAIQ!tr, Riskware/Elex | 44.44% |
| XVirus List | Win.Detected | 44.44% |
| Emsisoft Anti-Malware | Application.MPlug, Gen:Variant.Dropper.99, Adware.Win32.AppInstall, Win32.SlugIn | 44.44% |
| Comodo Security | Heur.Suspicious, UnclassifiedMalware, Application.Win32.Preload.A | 33.33% |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 33.33% |
| Panda Antivirus | Adware/TSUploader, Trj/Genetic.gen | 33.33% |
The domain i1.megagetnews.net has been seen to resolve to the following IP address.
hosted-by.leaseweb.com
July 7, 2014
File downloads found at URLs served by i1.megagetnews.net.
The following 2 files have been seen to communicate with i1.megagetnews.net in live environments.
URL:
http://i1.megagetnews.net/