download.doubletwist.com

doubleTwist Corporation

Domain Information

The domain download.doubletwist.com registered by doubleTwist Corporation was initially registered in September of 2004 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
Moniker Online Services

Server location:
Dublin City, Ireland (IE)

Create date:
Thursday, September 30, 2004

Expires date:
Monday, September 30, 2019

Updated date:
Monday, August 04, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.doubleTwistCorporation.Q, PUP.Installer.doubleTwistCorporation.U, PUP.doubleTwistCorporation.K, PUP.doubleTwistCorporation.L, PUP.Installer.doubleTwistCorporation.T, PUP.Installer.doubleTwistCorporation.Y, PUP.Installer.doubleTwistCorporation.X, PUP.doubleTwistCorporation.Installer (M)
95.83%

ESET NOD32
Win32/OpenCandy, Win32/OpenCandy.C potentially unsafe (variant)
41.67%

Malwarebytes
PUP.Optional.OpenCandy
41.67%

Kaspersky
not-a-virus:AdWare.Win32.OpenCandy, Trojan.Win32.Crypt
29.17%

Vba32 AntiVirus
AdWare.OpenCandy
25.00%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
25.00%

K7 AntiVirus
Unwanted-Program , Riskware , Trojan
25.00%

Fortinet FortiGate
Adware/OpenCandy, W32/Crypt.CSB!tr, W32/Adware_fam.NB, Riskware/OpenCandy
25.00%

K7 Gateway Antivirus
Unwanted-Program , Riskware , Trojan
20.83%

Trend Micro House Call
TROJ_GEN.F47V1105, TROJ_GEN.F47V0215, ADW_OPENCANDY, Suspicious_GEN.F47V0204
16.67%

Quick Heal
Trojan.Crypt.csb, Adware.OpenCandy.c (Not a Virus), AdWare.OpenCandy.g5 (Not a Virus)
12.50%

IKARUS anti.virus
Trojan.Win32.Crypt, not-a-virus:AdWare.Win32
12.50%

Baidu Antivirus
Trojan.Win32.Crypt, Trojan.Win32.OpenCandy
8.33%

Agnitum Outpost
PUA.OpenCandy
8.33%

XVirus List
Win32.Detected
8.33%

The domain download.doubletwist.com has been seen to resolve to the following 22 IP addresses.

s3-1-w.amazonaws.com
May 26, 2016

s3-1-w.amazonaws.com
April 19, 2016

s3-1-w.amazonaws.com
April 14, 2016

s3-1-w.amazonaws.com
February 23, 2016

January 5, 2016

s3-1-w.amazonaws.com
January 5, 2016

s3-1-w.amazonaws.com
January 4, 2016

s3-1-w.amazonaws.com
January 4, 2016

s3-1-w.amazonaws.com
January 4, 2016

s3-1-w.amazonaws.com
January 3, 2016

s3-1-w.amazonaws.com
July 16, 2015

s3-1-w.amazonaws.com
May 5, 2015

s3-1-w.amazonaws.com
May 5, 2015

s3-1-w.amazonaws.com
May 4, 2015

May 3, 2015

s3-1-w.amazonaws.com
September 2, 2014

s3-1-w.amazonaws.com
July 10, 2014

s3-1-w.amazonaws.com
May 21, 2014

s3-1-w.amazonaws.com
April 29, 2014

s3-1-w.amazonaws.com
April 25, 2014

s3-1-w.amazonaws.com
March 14, 2014

s3-1-w.amazonaws.com
August 4, 2013

File downloads found at URLs served by download.doubletwist.com.

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)
http://download.doubletwist.com/.../ffdshow.exe  (5a4b39f4faf3164ebd77a6820847a4ae)

1 / 68      (PUP)
http://download.doubletwist.com/.../Application.exe  (7cd5fc5eb56a34304622f7f169228309)

11 / 68    (PUP)
http://download.doubletwist.com/.../Database.exe  (0528394195e045205c606903ec1ac13f)

1 / 68      (PUP)
http://download.doubletwist.com/.../ThirdParty.exe  (d918ec6b9e4d3a9cb4816a588b9a50c2)

0 / 68
http://download.doubletwist.com/.../vcredist_x86.exe  (5689d43c3b201dd3810fa3bba4a6476a)

1 / 68      (PUP)
http://download.doubletwist.com/.../Application.exe  (ba7e1cc293ce38a10593c1104b8fac5f)

5 / 68      (PUP)
http://download.doubletwist.com/.../Database.exe  (4c0ad27d96c5869aaebd6329ae52a1a5)

2 / 68      (PUP)
http://download.doubletwist.com/.../ThirdParty.exe  (5eff5873b04c08b9624e27f4cfc8b2a7)

1 / 68      (PUP)
http://download.doubletwist.com/.../ffdshow.exe  (8060926a26bd553ee4c4b992c039eaba)

1 / 68      (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (2bdd1bfbf6c3e7a27a64b48c92dd9c46)

1 / 68      (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (86fbaaff290b8df72706d799ef6a0839)

1 / 68      (PUP)

7 / 68      (PUP)

1 / 68      (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (doubletwistsetup_3.0.0.6339.exe)

17 / 68    (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (b00e55596c022249488ffabf5911eece)

5 / 68      (PUP)

3 / 68      (PUP)

1 / 68      (PUP)

7 / 68      (PUP)

7 / 68      (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (fc44368d41e37efc3ae810f35009de38)

8 / 68      (PUP)

10 / 68    (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (f784409249c116ba5eab9bfe8101e393)

10 / 68    (PUP)

10 / 68    (PUP)

8 / 68      (PUP)
http://download.doubletwist.com/doubleTwistSetup.exe  (c2e648c951463e67496c24de0995fac6)

The following 70 files have been seen to comunicate with download.doubletwist.com in live environments.

 
Latest 20 of 115 files

URL:
http://download.doubletwist.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3