home

downtoad.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain downtoad.com is registered by proxy through GODADDY.COM, LLC and was originally registered in April of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Victoria, Australia (AU)

Create date:
Monday, April 22, 2013

Expires date:
Friday, April 22, 2016

Updated date:
Thursday, April 23, 2015

ASN:
AS133618 TRELLIAN-AS-AP Trellian Pty. Limited,AU

Whois:
2 downtoad.com records

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.installCore, PUP.Installer.ironSource, PUP.Bundler.Air Software, PUP.installCore.Installer, PUP.installCore.DarwenMarketing.Installer (M), PUP.Vittalia.InstallAssistant.Installer (M), PUP.Air Software.DownloadAssistant.Bundler (M), PUP.installCore.DarwenMa.Installer (M), PUP.Vittalia.InstallH (M), PUP.Vittalia (M), PUP.Air Software (M)
91.67%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4786018, Threat.4782985, InstallCore
41.67%

Avira AntiVirus
ADWARE/InstallCore.Gen4, Adware/InstallCore.683840, TR/Crypt.XPACK.Gen, ADWARE/InstallCore.A.284, ADWARE/InstallCore.A.249
37.50%

ESET NOD32
Win32/InstallCore.UZ potentially unwanted application, Win32/InstallCore.WI potentially unwanted application, Win32/InstallCore.WQ potentially unwanted application, Win32/InstallCore.ADX.gen potentially unwanted application
33.33%

Baidu Antivirus
Adware.Win32.InstallCore
33.33%

ESET NOD32
Win32/InstallCore.WC potentially unwanted (variant), Win32/InstallCore.UZ (variant), Win32/InstallCore.WQ potentially unwanted (variant)
33.33%

K7 AntiVirus
Riskware , Trojan , Adware
25.00%

Fortinet FortiGate
W32/AdkDLLWrapper.A, Riskware/InstallCore
20.83%

Comodo Security
Application.Win32.FriedCookie.CIRK, Application.Win32.InstallCore.DWS, ApplicUnwnt, Application.Win32.DownloadAssistant.S
20.83%

AVG
Generic, InstallCore
20.83%

Trend Micro House Call
Suspicious_GEN.F47V0127, Suspicious_GEN.F47V0202, Suspicious_GEN.F47V0122, Suspicious_GEN.F47V0216, Suspicious_GEN.F47V0228
20.83%

Bkav FE
W32.Cloddfe.Trojan, W32.HfsAdware
16.67%

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
12.50%

Dr.Web
Trojan.InstallCore.39, Trojan.Vittalia.30
8.33%

G Data
Win32.Application.InstallCore.DI, Gen:Variant.Application.Bundler.AirInstaller
8.33%

The domain downtoad.com has been seen to resolve to the following 3 IP addresses.

103.224.182.241
lb-182-241.above.com
July 29, 2016

50.63.202.58
ip-50-63-202-58.ip.secureserver.net
May 22, 2016

70.32.68.113
aamoiaqmqe.c05.gridserver.com
June 13, 2014

File downloads found at URLs served by downtoad.com.

1 / 68      (Adware)
http://downtoad.com/landing/bing2/.../downloadfile.php  (Curse Client.exe)

1 / 68      (Adware)
http://downtoad.com/landing/bing2/.../download.php  (uTorrent.exe)

1 / 68      (Adware)
http://downtoad.com/landing/bing2/.../download.php  (uTorrent.exe)

9 / 68      (Adware)
http://downtoad.com/landing/bing2-uk/.../download.php  (adobe flash player setup.exe)

1 / 68
http://downtoad.com/landing/bing2-uk/.../download.php  (Minecraft.exe)

9 / 68      (Adware)
http://downtoad.com/landing/bing2-uk/.../download.php  (minecraft setup.exe)

1 / 68      (Adware)
http://downtoad.com/landing/bing2/.../download.php  (minecraft setup.exe)

10 / 68    (Adware)
http://downtoad.com/landing/google/.../download.php  (icreinstall_utorrent setup.exe)

8 / 68      (Adware)
http://downtoad.com/landing/google/.../download.php  (utorrent setup.exe)

4 / 68      (Adware)
http://downtoad.com/landing/google/.../download.php  (utorrent setup.exe)

1 / 68      (Adware)
http://downtoad.com/landing/bing2/.../downloadfile.php  (Windows Media Player.exe)

15 / 68    (Adware)
http://downtoad.com/landing/bing2/.../setup.php  (FrostWire Setup.exe)

2 / 68      (PUP)
http://downtoad.com/landing/google/.../download.php  (utorrent setup.exe)

9 / 68      (Adware)
http://downtoad.com/landing/google/.../download.php  (utorrent setup.exe)

4 / 68      (Adware)
http://downtoad.com/landing/google/utorrent/.../download.php  (utorrent setup.exe)

9 / 68      (Adware)
http://downtoad.com/landing/google/.../download.php  (icreinstall_utorrent setup.exe)

4 / 68
http://downtoad.com/landing/google/utorrent/.../download.php  (uTorrent.exe)

6 / 68      (Adware)
http://downtoad.com/landing/bing2/.../downloadfile.php  (Adobe Flash Player.exe)

6 / 68      (Adware)
http://downtoad.com/landing/bing2/.../downloadfile.php  (WinRAR.exe)

3 / 68      (Adware)
http://downtoad.com/landing/bing2-uk/.../download.php  (minecraft setup.exe)

2 / 68      (Adware)
http://downtoad.com/landing/bing2-uk/.../download.php  (adobe flash player setup.exe)

2 / 68      (Adware)
http://downtoad.com/landing/google/.../download.php  (samsung kies setup.exe)

3 / 68      (Adware)
http://downtoad.com/landing/google/.../download.php  (utorrent setup.exe)

9 / 68      (Adware)
http://downtoad.com/landing/bing2-uk/adobeflashplayer/.../download.php  (adobe flash player setup.exe)

4 / 68
http://downtoad.com/landing/google/.../download.php  (uTorrent.exe)

0 / 68
http://downtoad.com/landing/google/.../download.php  (utorrent setup.exe)

The following 89 files have been seen to comunicate with downtoad.com in live environments.

TCP » 50.63.202.58:80
googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 50.63.202.58:80
47987731-a12b-4f43-9174-d5cfd40e9863-5.exe (HighD-V1.8 by HighD)

TCP » 50.63.202.58:80
thetorntv v10-codedownloader.exe (TheTorntv V10 by esc)

TCP » 50.63.202.58:80
47987731-a12b-4f43-9174-d5cfd40e9863-4.exe (HighD-V1.8 by HighD)

TCP » 50.63.202.58:80
9f09f8b9-cdbe-44ca-bbdf-bf3be4be9166-4.exe (iWebar)

TCP » 50.63.202.58:80
iwebar-codedownloader.exe (iWebar)

TCP » 50.63.202.58:80
t0newplayerw38.exe

TCP » 50.63.202.58:80
af590b1c-bcea-4f80-8232-243b9a704930-4.exe (iWebar)

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.63.202.58:80
hd-v1.9-codedownloader.exe (HD-V1.9 by InfoHD-V1.8)

TCP » 50.63.202.58:80
1d47d9cb-6231-4d32-abdf-dcfb883b99eb-11.exe (TheTorntv V10 by esc)

TCP » 103.224.182.241:80
uplus.exe (LoadMoneyWebSite)

TCP » 50.63.202.58:80
iwebar-codedownloader.exe (iWebar)

TCP » 50.63.202.58:80
sense-codedownloader.exe (Sense by Object Browser)

TCP » 50.63.202.58:80
online-guardian-v2.0.9.exe

TCP » 50.63.202.58:80
5702ee7b-f299-41c0-9f12-65dd713368b9-5.exe (HD-V1.9 by InfoHD-V1.8)

TCP » 50.63.202.58:80
6416ed14-b1ed-4ce1-9a35-de70afc193e3-11.exe (PlusVid by Phoenix Media)

TCP » 103.224.182.241:80
7tkkmsa v1.5.1.exe (KMS Activator by 7pm Tech)

TCP » 103.224.182.241:80
y03fd24.tmp

TCP » 50.63.202.58:80
9f09f8b9-cdbe-44ca-bbdf-bf3be4be9166-11.exe (iWebar)

 
Latest 20 of 92 files

January 3, 2016
cdn.downtoad.com

March 25, 2015
download.downtoad.com

September 22, 2014
software.downtoad.com

June 13, 2014
www.downtoad.com

URL:
http://downtoad.com/

Title:
“DownToad.com - Free Software Downloads”

Description:
“#”

Web server:
Apache/2.2.22

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.