www.dtdownloads.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.dtdownloads.com is registered by proxy through GODADDY.COM, LLC and was originally registered in August of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Portland, Oregon, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GODADDY.COM, LLC

Server location:
Oregon, United States (US)

Create date:
Friday, August 12, 2011

Expires date:
Wednesday, August 12, 2015

Updated date:
Monday, April 27, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Bundler.Tightrope, PUP.Tightrope.Bundler, PUP.Tightrope.PourOver.Bundler (M), PUP.Tightrope.Blueis.Bundler (M), PUP.TightRope.Bundler.Installer.Meta (M) | 100.00% |
| Sophos | Generic PUA JL, Generic PUA FH | 60.00% |
| Avira AntiVirus | APPL/DownAdmin.prfb, PUA/DownloadAdmin.P | 60.00% |
| G Data | Win32.Application.DownloadAdmin, Win32.Application.Agent.9M59CV | 60.00% |
| Total Defense | Win32/Tnega.TNECKHC | 60.00% |
| Vba32 AntiVirus | Downloader.Agent | 60.00% |
| Fortinet FortiGate | Riskware/DownloadAdmin | 60.00% |
| AVG | Generic | 60.00% |
| McAfee | Artemis!4F831B9A0134, Artemis!549B160834CD | 40.00% |
| K7 AntiVirus | Adware | 40.00% |
| Trend Micro House Call | TROJ_GEN.R0C1C0ED115, TROJ_GEN.F0C2C00DC15 | 40.00% |
| avast! | Win32:DownloadAdmin-H [PUP] | 40.00% |
| NANO AntiVirus | Trojan.Win32.XPACK.dprfbr | 40.00% |
| Comodo Security | Application.Win32.DownloadAdmin.DAGL | 40.00% |
| Dr.Web | Trojan.Vittalia.27 | 40.00% |

The domain www.dtdownloads.com has been seen to resolve to the following IP address.

ec2-52-10-87-100.us-west-2.compute.amazonaws.com
June 19, 2015

File downloads found at URLs served by www.dtdownloads.com.

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

26 / 68    (Adware)

29 / 68    (Adware)

The following 11 files have been seen to communicate with www.dtdownloads.com in live environments.

URL:
http://www.dtdownloads.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache