home

www.2downloadz.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain www.2downloadz.com is registered by proxy through NAME.COM, INC. and was originally registered in February of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Atlanta, Georgia within the United States which resides on the Namecheap, Inc. network.
Registrar:
NAME.COM, INC.

Server location:
Georgia, United States (US)

Create date:
Friday, February 15, 2013

Expires date:
Wednesday, February 15, 2017

Updated date:
Friday, March 4, 2016

ASN:
AS22612 NAMECHEAP-NET - Namecheap, Inc., US

Root domain:
2downloadz.com

Whois:
3 2downloadz.com records

Scanner detections:
Detections  (58% detected)

Scan engine
Details
Detections

avast!
Win32:Malware-gen, Win32:Rootkit-gen [Rtk], Win32:GenMalicious-JNL [Trj]
81.82%

McAfee
Artemis!26FD07A21939, Program.Artemis!81F651BD79F0, Trojan.Artemis!7F4647FDAE81
45.45%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
45.45%

ESET NOD32
Win32/Packed.Autoit.H suspicious application
45.45%

Emsisoft Anti-Malware
Trojan.Generic.11352583, Trojan.Generic.12427773, Trojan.ScriptKD.555
45.45%

Trend Micro House Call
TROJ_GEN.F47V0220, TROJ_GE.337FE20B, TROJ_GE.54D5AFF7, TROJ_SPNR.3AGP14
36.36%

ESET NOD32
Win32/Somoto, Win32/Packed.Autoit
27.27%

Comodo Security
UnclassifiedMalware
27.27%

Kaspersky
Trojan.MSIL.Zapchast, not-a-virus:HEUR:Downloader.Win32.AutoIt
27.27%

nProtect
Adware/W32.Agent.237016, Trojan.Generic.11352583
18.18%

Panda Antivirus
PUP/MultiToolbar.A, Trj/CI.A
18.18%

G Data
Win32.Trojan.Agent.E786GE, Trojan.Generic.11352583
18.18%

Qihoo 360 Security
HEUR/Malware.QVM11.Gen, Win32/Trojan.997
18.18%

Avira AntiVirus
Rkit/Agent.1104912, TR/Rogue.11352583.1
18.18%

Norman
Trojan.ScriptKD.555
18.18%

The domain www.2downloadz.com has been seen to resolve to the following 3 IP addresses.

198.54.116.141
s198.web-hosting.com
April 20, 2016

185.25.48.3
hst-3-48-25-185.ist.lt
March 7, 2014

185.25.48.169
hst-169-48-25-185.ist.lt
December 26, 2013

File downloads found at URLs served by www.2downloadz.com.

1 / 68      (inconclusive)
http://www.2downloadz.com/download.php?id=roosbmwrcu1sw4h8j8nhwxyjgvta8b&j=2&c=817&dlr  (playing for keeps_downloader.exe)

3 / 68      (inconclusive)
http://www.2downloadz.com/download.php?id=asoy5do4rj89lfj5u0t5o8pn8rb0di&j=2&c=200&dlr  (f.a.t.c.dar downloader.exe)

7 / 68      (PUP)
http://www.2downloadz.com/download.php?id=76s23k7fh790epphrnpqurigy0rh70&j=2&c=546&dlr  (spring breakers downloader.exe)

6 / 68      (PUP)
http://www.2downloadz.com/download.php?id=hk50svxi1lg3i1xzuer6ksz428bct0&j=2&c=681&dlr  (h.t.t.y.d.web.2014.el.doctor downloader.exe)

3 / 68      (inconclusive)
http://www.2downloadz.com/auto_download.php?h=9a5y7zrps4  (myegy.com_internet.download.manager_6.17_build_6_by.maher_downloader.exe)

5 / 68      (PUP)
http://www.2downloadz.com/download.php?id=w84bohjhii0qte4b1zuss4jn0eq5wb&j=2&c=070&dlr  (اختبارات شهرية وفصلية ووظائف منزلية خاصة بالسنة الثالثة ابتدائي في جميع المواد downloader.exe)

23 / 68    (Malware)
http://www.2downloadz.com/download.php?id=3puxdopbgdw1jeyrmtxj4fwpt55kji&j=2&c=316&dlr  (by mayoufi tunisia-sat nitro pro v9.0.3.2 (x86 downloader.exe)

5 / 68      (Malware)
http://www.2downloadz.com/download.php?id=0ezv0v4o2v2min3oc6jh5whdccks2s&j=2&c=971&dlr  (spy-net v2.6 ara downloader.exe)

6 / 68      (Malware)
http://www.2downloadz.com/.../get_file.php?id=ac0t5rahe3v&uid=mfvvda2ocl  (adidas cccam.cfg cccam magazine-20_downloader.exe)

0 / 68
http://www.2downloadz.com/download.php?id=viz5kd85z9moty6a8g2s2ahr8ewf7k&j=2&c=665&dlr  (فروض و اختبارات اللغة الفرنسية السنة الخامسة ابتدائي لجميع الفصول collection devoirs et compositions)

13 / 68    (Adware)
http://www.2downloadz.com/.../2Downloadz_Fast_downloader-6hUv9z6v.exe  (26fd07a219399f2d5730109f70d4b7c7)

0 / 68
http://www.2downloadz.com/get_file.php?id=413e6b3a798295b2fd7763ddeed1903de48193ea&h=joxcdnd8s8  (jsc sport v6.0 by mohamed eddami.exe)

The following 2 files have been seen to comunicate with www.2downloadz.com in live environments.

TCP » 198.54.116.141:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 198.54.116.141:80
UCBrowser.exe (UC Browser by UCWeb)

URL:
http://www.2downloadz.com/

Google Analytics:
UA-45612191

Title:
“2Downloadz.com | Convert Your Files Into Cash.”

Description:
“Free and easy file upload. Earn money from uploading and sharing your files”

Web server:
Apache (PHP/5.6.19)

Facebook:
Likes:  1
Shares:  18
Comments:  1

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.