home

download-fast.net

Whois Privacy Corp.

Domain Information

The domain download-fast.net registered by Whois Privacy Corp. was initially registered in June of 2013 through INTERNET.BS CORP.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
INTERNET.BS CORP.

Server location:
Dublin City, Ireland (IE)

Create date:
Wednesday, June 19, 2013

Expires date:
Friday, June 19, 2015

Updated date:
Thursday, January 22, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Whois:
3 download-fast.net records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/Amonetize (variant), Win32/Amonetize.AA (variant), Win32/Amonetize.AE (variant), Win32/Amonetize.AJ (variant)
100.00%

Malwarebytes
PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize.A
100.00%

Sophos
Amonetize
100.00%

VIPRE Antivirus
Amonetize, Trojan.Win32.Generic
100.00%

Avira AntiVirus
ADWARE/Adware.Gen2
100.00%

McAfee
Artemis!0FA6618F5009, Adware-Amonetize!A217E1B02F92, Artemis!BB642371CFD8, Artemis!EE825659E674, Artemis!78AA7F4428FB, Adware-Amonetize!89E8D845DD8A, Adware-Amonetize!A522E0EDF274
87.50%

Trend Micro House Call
TROJ_GEN.F47V1205, TROJ_GEN.F47V0106, TROJ_GEN.F47V0206, TROJ_GEN.F47V0409, TROJ_GEN.F47V0102, TROJ_GEN.F47V1230
87.50%

Dr.Web
Adware.Downware.1655, Adware.Downware.1528, Adware.Downware.2467
87.50%

AhnLab V3 Security
PUP/Win32.Amonetiz
87.50%

Reason Heuristics
PUP.Installer.Amonetizeltd.?, PUP.Installer.Amonetizeltd.j, PUP.Installer.Amonetizeltd.F, PUP.Installer.Amonetizeltd., PUP.Installer.Amonetizeltd.FF
75.00%

AVG
Generic_r
75.00%

K7 AntiVirus
Trojan , Unwanted-Program
62.50%

Fortinet FortiGate
Riskware/Amonetize
62.50%

avast!
Win32:Amonetize-E [PUP], Win32:Amonetize-AM [PUP], Win32:Amonetize-AK [PUP], Win32:Amonetize-Q [PUP], Win32:Dropper-gen [Drp]
62.50%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
62.50%

The domain download-fast.net has been seen to resolve to the following 4 IP addresses.

85.17.25.242
May 5, 2015

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
September 3, 2014

108.162.199.248
(CloudFlare)
February 3, 2014

108.162.198.248
(CloudFlare)
February 3, 2014

File downloads found at URLs served by download-fast.net.

30 / 68    (Adware)
http://download-fast.net/b/download.php?id=gladd&title=Sonic Dash Hack v4.0.3&url=http://.../download.php?title=keyword_request&id=gladd  (scilors grooveshark__3502_il448.exe)

14 / 68    (PUP)
http://download-fast.net/.../download.php?id=eumariius&title=Realm of The Mad God Hack&url=google.ro  (downloader__3038_i577660040_il1681808.exe)

14 / 68    (PUP)
http://download-fast.net/.../download.php?id=eumariius&title=Realm of The Mad God Hack&url=google.ro  (downloader__3038_i577660040_il1681808.exe)

17 / 68    (Adware)
http://download-fast.net/b/download.php?id=farmec&title=Clash of Clans Tool 2013&url=http://.../PLaQyWQZdh  (revo uninstaller pro 3.0.1 full version crack is here !__2957_il17.exe)

17 / 68    (Adware)
http://download-fast.net/b/download.php?id=farmec&title=Clash of Clans Tool 2013&url=http://.../PLaQyWQZdh  (revo uninstaller pro 3.0.1 full version crack is here !__2957_il17.exe)

13 / 68    (Adware)
http://download-fast.net/.../download.php?id=popaytc  (setup.exe)

13 / 68    (Adware)
http://download-fast.net/b/download.php?id=bratua33&title=Fifa 14 KeyGen&url=http://software.com  (setup.exe)

13 / 68    (Adware)
http://download-fast.net/.../download.php?id=eumariius&title=BATTLE CAMP GOLD HACK&url=google.ro  (setup.exe)

11 / 68    (PUP)
http://download-fast.net/b/download.php?id=k3nshy&title=Tom Clancys Ghost Recon Future Soldier 1.8 Update&url=http://idlprovider.com/.../download.php?id=k3nshy  (cityville hack gold cash level xp energy__2681_i336505601_il2062201.exe)

8 / 68      (Adware)
http://download-fast.net/.../download.php?id=popaytc  (plants vs. zombies 2 theme__3215_il2117854.exe)

14 / 68    (Adware)
http://download-fast.net/b/download.php?id=newacc&title=HhearthstoneBetaKeyGenerator&url=Http://mysite.com  (internet download manager 6.18 build 11 latest version crack is here !__2957_il17.exe)

16 / 68    (Adware)
http://download-fast.net/b/download.php?id=socardea&title=SurveyKiller&url=http://.../download.php?title=keyword_request&id=socardea  (cmi8738pci6chlxhrtf3daudiodriverfree__2681_i178209098_il7568691.exe)

16 / 68    (Adware)
http://download-fast.net/b/download.php?id=CostynelUcV&title=Mighty Monsters Hack&url=http://.../  (cmi8738pci6chlxhrtf3daudiodriverfree__2681_i178209098_il7568691.exe)

The following 216 files have been seen to comunicate with download-fast.net in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 85.17.25.242:80
sm.exe (System Monitor)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

 
Latest 20 of 220 files

February 7, 2014
www.download-fast.net

URL:
http://download-fast.net/

Title:
“Loading....”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache-Coyote/1.1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.