Short-lived malware launcher not down? Cloud-driven malware abuse!

See: http://urlquery.net/report.php?id=1498077559159
Adware application from IP reported: https://www.scumware.org/report/101.201.62.45.html
See download analysis here for -https://www.scumware.org/report/101.201.62.45.html @ http://www.rexswain.com/cgi-bin/httpview.cgi
errors: http://www.dnsinspect.com/tudown.com/10134925
but → Content-Disposition:·attachment;·filename="%E4%B8%8B%E8%BD%BD%E5%99%A8.exe
Nameserver: http://toolbar.netcraft.com/site_report?url=dns9.hichina.com
Not available: http://whois.domaintools.com/tudown.com (8 registrars spreading this,
so we do not know whether adware is from Alibaba or Kassim?) :wink:
Consider: http://whois.domaintools.com/aliyun.com
Alibaba Cloud Abuse. → https://www.virustotal.com/pl/url/2529758889f981dc1db69879868ab2e7534347875ff311dbee9f0ee6f35978e3/analysis/1498081514/
Does avast detect in PUP-mode? → https://www.virustotal.com/pl/file/7ae28b45b927b1634bdae314b2569f9bd3383c20d61dd660d8d6f3f0289a5c35/analysis/1498073385/

polonus (volunteer website security analyst and website error-hunter)