» download.doubletwist.com
Overview
Analysis
IPs Addresses (22)
Downloads (27)
Network (70)
Website Detail

download.doubletwist.com

doubleTwist Corporation

Domain Information

The domain download.doubletwist.com registered by doubleTwist Corporation was initially registered in September of 2004 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the RIPE Network Coordination Centre network. The domain uses the Amazon Web Services (AWS) cloud computing platform.

Registrant:

doubleTwist Corporation

Registrar:

Moniker Online Services

Server location:

Dublin City, Ireland (IE)

Create date:

Thursday, September 30, 2004

Expires date:

Monday, September 30, 2019

Updated date:

Monday, August 4, 2014

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

doubletwist.com

Whois:

3 doubletwist.com records

Scanner detections:

Detections (96% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Installer.doubleTwistCorporation.Q, PUP.Installer.doubleTwistCorporation.U, PUP.doubleTwistCorporation.K, PUP.doubleTwistCorporation.L, PUP.Installer.doubleTwistCorporation.T, PUP.doubleTwistCorporation.Installer (M), PUP.Installer.doubleTwistCorporation.Y, PUP.Installer.doubleTwistCorporation.X

95.83%

ESET NOD32

Win32/OpenCandy, Win32/OpenCandy.C potentially unsafe (variant)

41.67%

Malwarebytes

PUP.Optional.OpenCandy

41.67%

Kaspersky

not-a-virus:AdWare.Win32.OpenCandy, Trojan.Win32.Crypt

29.17%

Vba32 AntiVirus

AdWare.OpenCandy

25.00%

Rising Antivirus

PE:PUF.OpenCandy!1.9DE5

25.00%

K7 AntiVirus

Unwanted-Program , Riskware , Trojan

25.00%

Fortinet FortiGate

Adware/OpenCandy, W32/Crypt.CSB!tr, W32/Adware_fam.NB, Riskware/OpenCandy

25.00%

Trend Micro House Call

TROJ_GEN.F47V1105, TROJ_GEN.F47V0215, ADW_OPENCANDY, Suspicious_GEN.F47V0204

16.67%

Quick Heal

Trojan.Crypt.csb, Adware.OpenCandy.c (Not a Virus), AdWare.OpenCandy.g5 (Not a Virus)

12.50%

IKARUS anti.virus

Trojan.Win32.Crypt, not-a-virus:AdWare.Win32

12.50%

Baidu Antivirus

Trojan.Win32.Crypt, Trojan.Win32.OpenCandy

8.33%

Agnitum Outpost

PUA.OpenCandy

8.33%

XVirus List

Win32.Detected

8.33%

G Data

Win32.Adware.OpenCandy

8.33%

The domain download.doubletwist.com has been seen to resolve to the following 22 IP addresses.

54.231.12.161

s3-1-w.amazonaws.com

May 26, 2016

54.231.82.251

s3-1-w.amazonaws.com

April 19, 2016

54.231.80.160

s3-1-w.amazonaws.com

April 14, 2016

54.231.49.130

s3-1-w.amazonaws.com

February 23, 2016

54.231.0.177

January 5, 2016

54.231.114.170

s3-1-w.amazonaws.com

January 5, 2016

54.231.10.105

s3-1-w.amazonaws.com

January 4, 2016

54.231.48.128

s3-1-w.amazonaws.com

January 4, 2016

54.231.9.33

s3-1-w.amazonaws.com

January 4, 2016

54.231.114.146

s3-1-w.amazonaws.com

January 3, 2016

54.231.18.201

s3-1-w.amazonaws.com

July 16, 2015

54.231.10.129

s3-1-w.amazonaws.com

May 5, 2015

54.231.0.233

s3-1-w.amazonaws.com

May 5, 2015

54.231.13.17

s3-1-w.amazonaws.com

May 4, 2015

54.231.13.113

May 3, 2015

54.231.16.73

s3-1-w.amazonaws.com

September 2, 2014

207.171.163.132

s3-1-w.amazonaws.com

July 10, 2014

176.32.99.47

s3-1-w.amazonaws.com

May 21, 2014

176.32.99.104

s3-1-w.amazonaws.com

April 29, 2014

176.32.102.89

s3-1-w.amazonaws.com

April 25, 2014

207.171.163.226

s3-1-w.amazonaws.com

March 14, 2014

72.21.214.160

s3-1-w.amazonaws.com

August 4, 2013

File downloads found at URLs served by download.doubletwist.com.

1 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (doubletwistsetupfull.exe)

1 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (d8e74e65c2172416700bd5754d03e8ee)

1 / 68 (PUP)

http://download.doubletwist.com/.../ffdshow.exe (5a4b39f4faf3164ebd77a6820847a4ae)

1 / 68 (PUP)

http://download.doubletwist.com/.../Application.exe (7cd5fc5eb56a34304622f7f169228309)

9 / 68 (PUP)

http://download.doubletwist.com/.../Database.exe (0528394195e045205c606903ec1ac13f)

1 / 68 (PUP)

http://download.doubletwist.com/.../ThirdParty.exe (d918ec6b9e4d3a9cb4816a588b9a50c2)

0 / 68

http://download.doubletwist.com/.../vcredist_x86.exe (5689d43c3b201dd3810fa3bba4a6476a)

1 / 68 (PUP)

http://download.doubletwist.com/.../Application.exe (ba7e1cc293ce38a10593c1104b8fac5f)

5 / 68 (PUP)

http://download.doubletwist.com/.../Database.exe (4c0ad27d96c5869aaebd6329ae52a1a5)

1 / 68 (PUP)

http://download.doubletwist.com/.../ThirdParty.exe (5eff5873b04c08b9624e27f4cfc8b2a7)

1 / 68 (PUP)

http://download.doubletwist.com/.../ffdshow.exe (8060926a26bd553ee4c4b992c039eaba)

1 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (2bdd1bfbf6c3e7a27a64b48c92dd9c46)

1 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (86fbaaff290b8df72706d799ef6a0839)

1 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (doubletwist313setup.exe)

7 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (8cdaa8280b36bd96a296538de10cb564)

1 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (doubletwistsetup_3.0.0.6339.exe)

14 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (b00e55596c022249488ffabf5911eece)

5 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (59ce5c0aace18c4e13c0684ae5a2df5b)

3 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (74cc170a1bbce93ecf011eccba440597)

1 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (81f1a8de0e9f52bbb6ff709fb9012dbf)

7 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (0d8b671cc8a99c989a3e3a523c05f873)

7 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (fc44368d41e37efc3ae810f35009de38)

7 / 68 (PUP)

http://download.doubletwist.com/windows/.../doubleTwistSetup.exe (c2e648c951463e67496c24de0995fac6)

10 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (f784409249c116ba5eab9bfe8101e393)

8 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (6d00a22b66a83a979d3906f43ba8f039)

9 / 68 (PUP)

http://download.doubletwist.com/.../doubleTwistSetupFull.exe (ba84e370ec10823e51c0170afec8e37e)

7 / 68 (PUP)

http://download.doubletwist.com/doubleTwistSetup.exe (c2e648c951463e67496c24de0995fac6)

The following 70 files have been seen to comunicate with download.doubletwist.com in live environments.

TCP » 54.231.114.146:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.49.130:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.114.170:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.49.130:443

produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 54.231.82.251:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.114.146:443

apptrailers.exe

TCP » 176.32.99.47:80

imf.exe (IObit Malware Fighter by IObit)

TCP » 54.231.114.146:443

online-guardian-v2.0.9.exe

TCP » 54.231.114.170:443

browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.231.49.130:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 207.171.163.132:80

imf.exe (IObit Malware Fighter by IObit)

TCP » 54.231.114.170:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.231.82.251:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 176.32.99.104:80

imf.exe (IObit Malware Fighter by IObit)

TCP » 54.231.114.146:443

browser.exe (speed browser by Smart Applications)

TCP » 54.231.82.251:443

online-guardian-v2.0.9.exe

TCP » 176.32.102.89:80

imf.exe (IObit Malware Fighter by IObit)

TCP » 54.231.114.170:80

Weather.exe (WeatherBug Desktop by AWS Convergence Technologies)

TCP » 54.231.49.130:443

online-guardian-v2.0.9.exe

TCP » 54.231.82.251:443

UCBrowser.exe (UC Browser by UCWeb)

Latest 20 of 115 files

URL:

http://download.doubletwist.com/

Network:

Amazon Web Services (AWS)

Web server:

AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.