www.idownloadplay.com

George Memphis

Domain Information

The domain www.idownloadplay.com registered by George Memphis was initially registered in January of 2014 through WILD WEST DOMAINS, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
WILD WEST DOMAINS, LLC

Server location:
Virginia, United States (US)

Create date:
Thursday, January 09, 2014

Expires date:
Monday, January 09, 2017

Updated date:
Thursday, January 21, 2016

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc., US

Root domain:

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ZGameToolbarInstaller.VisicomMedia.M, PUP.DLSecureToolbarInstaller.VisicomMedia.P, PUP.Installer.Visicom, PUP.Visicom.VisicomMedia.Installer (M), Win32.Generic, PUP.Visicom.Toolbar.Installer.Meta (M), PUP.Visicom.VisicomM.Installer.Meta (M)
100.00%

Dr.Web
Tool.InstallToolbar.129, Adware.Toolbar.272, Adware.Toolbar.283, Adware.Shopper.489
42.11%

ESET NOD32
Win32/Toolbar.Visicom (variant), Win32/Toolbar.Visicom.A potentially unwanted (variant)
42.11%

McAfee
Artemis!00B6A8C35C6A, Artemis!B78A70A956AD, Artemis!407DF097C21F, Artemis!AB7A0A813215, Artemis!51720125B35F, Artemis!00A70059E1AD
31.58%

Trend Micro House Call
TROJ_GE.DAB0F271, TROJ_GEN.F47V1219, Suspicious_GEN.F47V1113, Suspicious_GEN.F47V1125, TROJ_GEN.R047H07BF15, Suspicious_GEN.F47V0201
31.58%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-PKR.O, Artemis
31.58%

Malwarebytes
PUP.Optional.DLSecure.A
31.58%

Fortinet FortiGate
Riskware/Visicom, Riskware/Agent
26.32%

Agnitum Outpost
PUA.Toolbar.Visicom, PUA.Toolbar.Agent
15.79%

K7 Gateway Antivirus
Trojan , DoS-Trojan
10.53%

K7 AntiVirus
Trojan , Unwanted-Program
10.53%

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
10.53%

NANO AntiVirus
Riskware.Nsis.Adware.dmihbl
10.53%

Antiy Labs AVL
RiskWare[WebToolbar:not-a-virus]/Win32.Agent, Trojan/Win32.TSGeneric
10.53%

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
5.26%

The domain www.idownloadplay.com has been seen to resolve to the following 12 IP addresses.

ec2-52-7-27-12.compute-1.amazonaws.com
August 4, 2016

ec2-52-7-31-45.compute-1.amazonaws.com
June 28, 2016

ec2-52-72-131-1.compute-1.amazonaws.com
June 24, 2016

ec2-52-7-109-171.compute-1.amazonaws.com
May 25, 2016

ec2-54-165-84-201.compute-1.amazonaws.com
May 18, 2016

ec2-52-201-139-90.compute-1.amazonaws.com
May 17, 2016

ec2-52-86-66-240.compute-1.amazonaws.com
April 21, 2016

ec2-54-88-99-221.compute-1.amazonaws.com
April 20, 2016

ec2-54-174-46-104.compute-1.amazonaws.com
April 5, 2016

ec2-52-86-75-145.compute-1.amazonaws.com
April 2, 2016

ec2-52-21-167-199.compute-1.amazonaws.com
February 19, 2016

April 29, 2014

File downloads found at URLs served by www.idownloadplay.com.

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.0.2.exe  (9b36020f6aeac1ddef154886f020cb67)

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.4.1.exe  (a979d610ec4e3541673671a1e9ac0ce7)

1 / 68      (Malware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.4.1.exe  (לא מאושר 367346.crdownload)

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe  (3f86e2aa30b101316b468b952aa2d6aa)

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe  (f4d89fd96d3cb14ab605d5d85dd8f796)

1 / 68      (Malware)

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe  (5c0845df24432a3304f8308ca27ca72c)

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe  (a66e30e06dabeaf92b215657f9eccad0)

13 / 68    (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe  (00a70059e1ad3c9d471b6ec78d6890fc)

20 / 68    (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.0.4.1.exe  (51720125b35fc99fc54fe3d534326cf9)

1 / 68      (Malware)

1 / 68      (Adware)
http://www.idownloadplay.com/.../dlsecureTb_1.5.0.1.exe  (67407b37d47d496fdd2440bcaa660524)

1 / 68      (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.5.0.1.exe  (d6b60781b82c5c989e83cbf3f32b1387)

9 / 68      (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe  (ab7a0a813215575d287c738ac8cc8a84)

9 / 68      (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.3.exe  (407df097c21f4b6f2bb63858f8562cd2)

4 / 68      (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.2.exe  (8190a2b9da27b453f84789505d9f35f8)

7 / 68      (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.0.1.0.exe  (b78a70a956adb2d42dce026cc0f6f7bb)

4 / 68      (PUP)
http://www.idownloadplay.com/.../dlsecureTb_1.0.0.2.exe  (8fad8d914514025e79b99a7cc8e4bf60)

9 / 68      (PUP)
http://www.idownloadplay.com/.../z_downloader.exe  (00b6a8c35c6a868d53b29cfec94da42e)

URL:
http://www.idownloadplay.com/

Title:
“#1 Search Engine - idownloadplay”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx/1.9.10 (PHP/5.5.9-1ubuntu4.14)

Facebook:
Shares:  9
Comments:  4

Statistics are for the previous month.