www.twonext.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.twonext.com is registered by proxy through GODADDY.COM, LLC and was originally registered in June of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Washington, District of Columbia, in the United States, on the SoftLayer Technologies Inc. network.

Registrar: GODADDY.COM, LLC
Server location: District of Columbia, United States (US)
Create date: Friday, June 1, 2012
Expires date: Friday, June 1, 2018
Updated date: Friday, December 19, 2014
ASN: AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine | Details | Detections
Kaspersky | Trojan.Win32.Staser | 100.00%
VIPRE Antivirus | Elex Installer | 100.00%
AhnLab V3 Security | Trojan/Win32.Staser | 100.00%
ESET NOD32 | Win32/ELEX (variant) | 100.00%
AVG | Startpage.A, Win32/Heur, Generic34, Win32/DH{AB41DCcoXSAiJQ}, MalSign.Generic, Banan.B, Skodna.Generic_c | 100.00%
Reason Heuristics | PUP.Service.BanyanTreeTechnologyLimited.H, PUP.BanyanTreeTechnologyLimited.H | 100.00%
Dr.Web | Adware.Mutabaha.20, Adware.Mutabaha.25, Adware.Mutabaha.15, Adware.Mutabaha.14, Adware.Siggen.25992 | 88.89%
K7 AntiVirus | Riskware, Trojan | 77.78%
McAfee | Adware-Bprotect, PUP-FCT!640D75DC77F6, PUP-FCT!7D8DD3520A5B, PUP-FCT!E536D1CDE3F6, PUP-FCT!F31572C8035E, Artemis!3E08DD78844C | 77.78%
Vba32 AntiVirus | Trojan.Staser, Backdoor.ZAccess | 77.78%
Comodo Security | Heur.Suspicious, Application.Win32.Agent.~WY, Application.Win32.Elex.A, TrojWare.Win32.Agent.COC | 66.67%
Fortinet FortiGate | Adware/Agent, W32/Staser.FV!tr | 66.67%
Agnitum Outpost | Trojan.Staser, Trojan.Wysotot, Trojan.TPM | 66.67%
Microsoft Security Essentials | Trojan:Win32/Wysotot.A, Trojan:Win32/Wysotot.C | 66.67%
Boost by Reason | Optional.Service.BanyanTreeTechnologyLimited.H, Optional.BanyanTreeTechnologyLimited.H | 55.56%

The domain www.twonext.com has been seen to resolve to the following IP address.

174.36.200.167-static.reverse.softlayer.com
January 5, 2016

File downloads found at URLs served by www.twonext.com.


The following 9 files have been seen to communicate with www.twonext.com in live environments.