home

dl.yontoo.com

Yontoo LLC  (via a Proxy Registrant)

Domain Information

dl.yontoo.com is operated by Sambreel's (now QuestPoint) subsidiary Yontoo. The domain dl.yontoo.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2007. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Broomfield, Colorado within the United States which resides on the Level 3 Communications, Inc. network. The domain is associated with the publisher Yontoo LLC who is located in Carlsbad, California in the United States.
Registrar:
GODADDY.COM, LLC

Server location:
Colorado, United States (US)

Create date:
Friday, March 30, 2007

Expires date:
Wednesday, March 30, 2016

Updated date:
Monday, April 27, 2015

ASN:
AS54761 ARIN-SAMBREEL-SVCS - Sambreel Services, LLC

Root domain:
yontoo.com

Whois:
2 yontoo.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Yontoo.R, PUP.Installer.Yontoo.L, PUP.Installer.Yontoo.R, Win32.Generic
100.00%

Trend Micro House Call
ADW_YONTOO, TROJ_GEN.RCBH1ET13, TROJ_GEN.F47V1220
93.33%

VIPRE Antivirus
Yontoo
93.33%

Boost by Reason
Trojan.Adw.Yontoo.R, Optional.Yontoo.L
93.33%

McAfee
Artemis!2530E5D03504, Artemis!B1A9C17E5529
86.67%

Comodo Security
ApplicUnwnt.Win32.AdWare.Yontoo.~, UnclassifiedMalware
86.67%

Dr.Web
Adware.Siggen.24249, Adware.Plugin.11, Adware.Yontoo.3
86.67%

Avira AntiVirus
ADWARE/Yontoo.Gen
86.67%

Trend Micro
ADW_YONTOO, BKDR_BIFROSE.BMC
86.67%

Rising Antivirus
Trojan.InstallRex!562A, PE:Trojan.InstallRex!1.9CB0
86.67%

IKARUS anti.virus
AdWare.Yontoo
86.67%

Bkav FE
HW32.Laneul, W32.Clod764.Trojan
86.67%

Baidu Antivirus
AdWare.Win32.Yontoo, Adware.Win32.Agent
86.67%

Agnitum Outpost
Adware.Yontoo
86.67%

AVG
AdInject.Yontoo
86.67%

The domain dl.yontoo.com has been seen to resolve to the following 2 IP addresses.

8.25.35.136
January 5, 2016

93.184.215.163
November 16, 2013

File downloads found at URLs served by dl.yontoo.com.

2 / 68      (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (b767e07dadacbc504f8e901a6c37d094)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (3bf9a2450929e5f2436ab68dbfec5af2)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (3366dcc4c926d6c984691c1ba682fd5d)

4 / 68      (Adware)
http://dl.yontoo.com/YontooUninstaller.exe  (f473f6e32b773edee97950d2746fd088)

20 / 68    (Adware)
http://dl.yontoo.com/yontoosetup.exe  (cfcd932eca92650448e2b2ce509508fb)

20 / 68    (Adware)
http://dl.yontoo.com/install/.../yontoosetup.exe  (c6fc915e6ce1e8f7c8ebea9082f789fc)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (3e17725d0771f903eb5cd13c091d7a2f)

20 / 68    (Adware)
http://dl.yontoo.com/Install/4/.../yontoosetup.exe  (58e27e8d9078e0189a5d15b7f7123e5d)

20 / 68    (Adware)
http://dl.yontoo.com/Install/4/.../yontoosetup.exe  (f41cc57195aa9ca6391936789aedec47)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (b1a9c17e5529c00e6a12ffeb37690e1e)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (c74233f1e1fe1ff32af28fab1fc77054)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (280e9d0d3311cc57c7d3dd7f5e437cfc)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (932e3d21a38cc7adf9ce4e1f304d5dcf)

20 / 68    (Adware)
http://dl.yontoo.com/Install/.../yontoosetup.exe  (5b4b2a705b95c18cc1a3c7d76fb2ea11)

18 / 68    (Adware)
http://dl.yontoo.com/YontooUninstaller.exe  (2530e5d035047b8533401512fdef9060)

The following 576 files have been seen to comunicate with dl.yontoo.com in live environments.

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

TCP » 8.25.35.136:443
yontoolayers.crx

 
Latest 20 of 576 files

URL:
http://dl.yontoo.com/

Title:
“Untitled Page”

SSL certificate subject:
CN=*.yontoo.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

luckyleap.net

amasvc.com

dropdowndeals.com

jeetyetmedia.com

jumpflip.net

webconnect.co

outobox.net

browsefox.com

whilokii.net

browsesmart.net

lemurleap.info

divapton.biz

secretsauce.biz

betterbrowse.net

greygray.biz

diamondata.net

glindorus.net

websparkle.biz

kozaka.net

clingclang.biz

serialtrunc.com

batbrowse.com

pagerage.com

facebooklayouts.com

buzzdock.com

surftastic.net

myfindright.com

lookinglink.info

viewplay.net

pacfunction.info

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.