begin-download.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain begin-download.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the GigeNET network.
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Wednesday, March 06, 2013

Expires date:
Monday, March 06, 2017

Updated date:
Friday, March 18, 2016

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Conduit.I, PUP.Conduit.R, PUP.Conduit.W, PUP.4323.Conduit.V, PUP.ClientConnect.W, PUP.4218.Conduit.V, PUP.43015.Conduit.V, PUP.Perion.Bundler.Conduit (M), PUP.Conduit.Bundler (M), PUP.Perion.Bundler (M)
100.00%

Dr.Web
Adware.Conduit.6, Adware.Conduit.27, Adware.BGuard.15, Adware.Toolbar.156, Adware.Conduit.87, Adware.Conduit.3, Threat.Undefined
56.82%

VIPRE Antivirus
Conduit, Threat.4786236
52.27%

ESET NOD32
Win32/OpenCandy, Win32/Wajam (variant), Win32/Conduit.SearchProtect, Win32/Toolbar.Conduit.AE, Win32/ClientConnect (variant)
47.73%

Malwarebytes
PUP.Optional.OpenCandy, PUP.Optional.Conduit.A, PUP.Optional.ClientConnect
40.91%

Trend Micro House Call
TROJ_GEN.F47V1208, TROJ_GEN.F47V0127, TROJ_GEN.F47V0224, TROJ_GEN.F47V0402, TROJ_GEN.F47V0107, TROJ_GEN.F47V0427, TROJ_GEN.F47V0508
34.09%

McAfee
Artemis!7F8D9F6D659C, Artemis!80AA71F1BB9D, Artemis!1EA8A14F590F, Artemis!AA333DF23510, Artemis!9ECC2E70C25B, Artemis!B19EDECC1504, Artemis!98F943050B40, Artemis!ED269DAAB52F, Artemis!F6FF4DF8E4AD, Artemis!103BEF0F2665, Artemis!CD6CAF52E289, Artemis!4349B6B7C799, Artemis!DEEE5215BEDA
34.09%

McAfee Web Gateway
Artemis!7F8D9F6D659C, Artemis!80AA71F1BB9D, Artemis!1EA8A14F590F, Artemis!AA333DF23510, Artemis!9ECC2E70C25B, Artemis!B19EDECC1504
34.09%

Fortinet FortiGate
Riskware/Wajam, Riskware/Toolbar_Conduit, Riskware/Conduit_SearchProtect, Riskware/ClientConnect
29.55%

avast!
Win32:Dropper-gen [Drp], Win32:Adware-BRM [PUP]
25.00%

AVG
Generic
25.00%

Baidu Antivirus
Adware.Win32.Conduit, Trojan.Win32.ClientConnect, PUA.Win32.ClientConnect, Adware.Win32.Toolbar
18.18%

Panda Antivirus
Adware/Conduit, PUP/Conduit.A
15.91%

IKARUS anti.virus
PUA.Toolbar.Conduit, PUA.ClientConnect, AdWare.Win32.Toolbar
11.36%

G Data
Win32.Adware.Conduit, Gen:Variant.Strictor.63226
11.36%

The domain begin-download.com has been seen to resolve to the following 5 IP addresses.

ip-69.39.236.56.hosted.by.gigenet.com
June 3, 2016

May 19, 2016

ip-184-168-221-96.ip.secureserver.net
April 19, 2016

ip-50-63-202-62.ip.secureserver.net
April 9, 2016

208.43.0.16-static.reverse.softlayer.com
February 5, 2014

File downloads found at URLs served by begin-download.com.

1 / 68      (Adware)
http://begin-download.com/.../c_downloadsp.php  (beginconvert_tsv1abfx9.exe)

2 / 68      (PUP)

13 / 68    (PUP)
http://begin-download.com/.../c_download.php  (begin_download_flv_brch.exe)

13 / 68    (PUP)
http://begin-download.com/.../download.php  (begin_download_flv_b2.exe)

The following 667 files have been seen to comunicate with begin-download.com in live environments.

 
Latest 20 of 719 files

February 1, 2016

URL:
http://begin-download.com/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

Facebook:
Likes:  3,242
Shares:  173
Comments:  5

Statistics above are for the previous month of March 2017.