winrar.todownload.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain winrar.todownload.com is registered by proxy through GODADDY.COM, LLC and was originally registered in February of 2005. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Ashburn, Virginia, in the United States. The domain uses the Amazon Web Services (AWS) cloud computing platform.

Registrar: GODADDY.COM, LLC

Server location: Virginia, United States (US)

Create date: Sunday, February 13, 2005

Expires date: Monday, February 13, 2017

Updated date: Sunday, September 14, 2014

ASN: AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Google Safe Browsing: unwanted

Scanner detections:
Detections (90% detected)

Scan engine | Details | Detections
F-Prot | W32/InstallCore.I2.gen, W32/InstallCore.S.gen, W32/InstallCore.W.gen, W32/InstallCore.W2.gen, W32/InstallCore.I.gen | 80.00%
Sophos | InstallCore ToDownload, Install Core Click run software, Generic PUA HB, PUA 'Install Core Click run software' | 80.00%
VIPRE Antivirus | Trojan.Win32.Generic, InstallCore, Threat.5063361 | 80.00%
Avira AntiVirus | ADWARE/InstallCore.Gen, APPL/Downloader.Gen, PUA/InstallCore.Gen | 80.00%
K7 AntiVirus | Unwanted-Program, Unwanted-Program, Trojan | 70.00%
Dr.Web | BackDoor.BlackHole.10549, Adware.InstallCore.82 | 70.00%
AhnLab V3 Security | PUP/Win32.InstallCore | 70.00%
Panda Antivirus | PUP/MultiToolbar.A, Trj/Chgt.G, Suspicious file | 70.00%
avast! | Win32:Installer-I [PUP] | 60.00%
AVG | Generic | 60.00%
ESET NOD32 | Win32/InstallCore.KN potentially unwanted application, MSIL/Soft32Downloader.C potentially unwanted application, Win32/InstallCore.AZ potentially unwanted application | 50.00%
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 50.00%
Comodo Security | UnclassifiedMalware, ApplicUnwnt | 50.00%
NANO AntiVirus | Trojan.Win32.Soft32Downloader.dgyrxf, Riskware.Win32.InstallCore.dfmywd, Trojan.Win32.BlackHole.dfmzma | 50.00%
McAfee | Artemis!56900EC0EEA9, Artemis!B014371911DD, Trojan.Artemis!CFAA9F79EAAB, Artemis!CFBF87D24AE1 | 40.00%

The domain winrar.todownload.com has been seen to resolve to the following 11 IP addresses.


File downloads found at URLs served by winrar.todownload.com.

URL: http://winrar.todownload.com/

Google Analytics: UA-32025223

Title: “Download WinRAR Free”

Network: Amazon Web Services (AWS), running an EC2 instance

Web server: nginx