dl.yontoo.com

Yontoo LLC  (via a Proxy Registrant)

Domain Information

dl.yontoo.com is operated by Yontoo, a subsidiary of Sambreel (now QuestPoint). The domain is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2007. It has been known to host and distribute potentially unwanted software. Its servers are located in Broomfield, Colorado, United States, on the Level 3 Communications, Inc. network. The domain is associated with the publisher Yontoo LLC, which is located in Carlsbad, California, United States.

Registrar:
GODADDY.COM, LLC

Server location:
Colorado, United States (US)

Create date:
Friday, March 30, 2007

Expires date:
Wednesday, March 30, 2016

Updated date:
Monday, April 27, 2015

ASN:
AS54761 ARIN-SAMBREEL-SVCS - Sambreel Services, LLC

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Yontoo.R, PUP.Installer.Yontoo.L, PUP.Installer.Yontoo.R, Win32.Generic | 100.00%
Trend Micro House Call | ADW_YONTOO, TROJ_GEN.RCBH1ET13, TROJ_GEN.F47V1220 | 93.33%
VIPRE Antivirus | Yontoo | 93.33%
Boost by Reason | Trojan.Adw.Yontoo.R, Optional.Yontoo.L | 93.33%
McAfee | Artemis!2530E5D03504, Artemis!B1A9C17E5529 | 86.67%
Comodo Security | ApplicUnwnt.Win32.AdWare.Yontoo.~, UnclassifiedMalware | 86.67%
Dr.Web | Adware.Siggen.24249, Adware.Plugin.11, Adware.Yontoo.3 | 86.67%
Avira AntiVirus | ADWARE/Yontoo.Gen | 86.67%
Trend Micro | ADW_YONTOO, BKDR_BIFROSE.BMC | 86.67%
McAfee Web Gateway | Artemis!2530E5D03504, Artemis!B1A9C17E5529 | 86.67%
Rising Antivirus | Trojan.InstallRex!562A, PE:Trojan.InstallRex!1.9CB0 | 86.67%
IKARUS anti.virus | AdWare.Yontoo | 86.67%
Bkav FE | HW32.Laneul, W32.Clod764.Trojan | 86.67%
Baidu Antivirus | AdWare.Win32.Yontoo, Adware.Win32.Agent | 86.67%
Agnitum Outpost | Adware.Yontoo | 86.67%

The domain dl.yontoo.com has been seen to resolve to the following 2 IP addresses.

January 5, 2016

November 16, 2013

File downloads found at URLs served by dl.yontoo.com.


The following 576 files have been seen to communicate with dl.yontoo.com in live environments.

 

URL:
http://dl.yontoo.com/

Title:
“Untitled Page”

SSL certificate subject:
CN=*.yontoo.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)
