home

raidcall.joydownload.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain raidcall.joydownload.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Monday, March 18, 2013

Expires date:
Friday, March 18, 2016

Updated date:
Friday, May 1, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
joydownload.com

Whois:
1 joydownload.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Installer.InnovativeSystems, PUP.InnovativeSystems.Installer (M)
100.00%

AVG
Adware AdLoad.OpenCandy, Generic
100.00%

Dr.Web
Threat.Undefined
100.00%

VIPRE Antivirus
Threat.4150696, Opencandy
100.00%

McAfee
Trojan.Artemis!C5E8D0BFF605, Artemis!4F11C9D0527A
100.00%

Bkav FE
W32.HfsAdware
100.00%

Malwarebytes
PUP.Optional.OpenCandy
100.00%

K7 AntiVirus
Trojan
100.00%

Clam AntiVirus
Win.Trojan.Agent-803351
100.00%

Agnitum Outpost
Riskware.Agent
100.00%

G Data
Win32.Adware.OpenCandy
100.00%

AhnLab V3 Security
PUP/Win32.OpenCandy
100.00%

Baidu Antivirus
Adware.Win32.OpenCandy
100.00%

ESET NOD32
Win32/JoyDownloader.D potentially unwanted application
50.00%

Trend Micro House Call
Suspicious_GEN.F47V0716
50.00%

The domain raidcall.joydownload.com has been seen to resolve to the following 3 IP addresses.

54.235.130.12
ec2-54-235-130-12.compute-1.amazonaws.com
September 21, 2015

23.23.159.111
ec2-23-23-159-111.compute-1.amazonaws.com
May 2, 2015

23.21.241.197
ec2-23-21-241-197.compute-1.amazonaws.com
May 2, 2015

File downloads found at URLs served by raidcall.joydownload.com.

21 / 68    (Adware)
http://raidcall.joydownload.com/get_file/wUia6yjQOMzI2nSzUbjxCggkkkU3PCqsWxLwas6X8fE9rm//qHpz2dBNJ0Pteu2lYyauyxdSM2qGCav2QeFkkuU8q4CaGQ P TGtRBPlszi1ivXbvI2B0iMX8Nx1wQlQXzWtAjRn1pJwqnirBj LS/.../D226t17JnvlvBpn esGkfTIFi9O2ROMllF4f7oLvzQGsfKE2nSqsEc5d7c69QWvi8JuWkD52OOoXEMYvMjwpsui1HBNzhVs=  (raidcall_v7.3.6.exe)

14 / 68    (Adware)
http://raidcall.joydownload.com/get_azure_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PTK1GRHga5/ZtOM8/zGn4SgumpJLbxv1Y/j2N3muggUBZjDdR7W1E/Y9xbNykY7dXk7E7SShBkfzuXm4g/HRrtvT0mlPq4dm2gkXRn3kAD98ntFrr3KuCTLFHNMaz9niKTEZPfFnPRNMOaz9RDwmLNzFZREkhrPmECchfILg2q4/DGOo7Rndl7xmA5ivN5vwOy4bnNO2XuMnlQ9VtNzvhhvyaKBnliylCslf/.../5sd6g1QRmNHPOqmsG1pQ=  (raidcall_v7.3.6.exe)

The following file have been seen to comunicate with raidcall.joydownload.com in live environments.

TCP » 23.21.241.197:80
install_flash_player-oc-jd.exe

URL:
http://raidcall.joydownload.com/

Title:
“Raidcall - Download Raidcall 7.3 in english on JoyDownload”

Description:
“RaidCall is a free, elegant and simple application that allows you to communicate with people via the internet using microphone - Download Raidcall latest version here.”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.7.6 (PHP/5.3.10-1ubuntu3.8)

Facebook:
Likes:  22
Shares:  215
Comments:  18

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.