The domain download.ez-downloads.com is registered by proxy through ENOM, INC. and was originally registered in March of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Strasbourg, Alsace, France, on the RIPE Network Coordination Centre network.
Registrant: WHOISGUARD, INC.
Server location: Alsace, France (FR)
Create date: Friday, March 14, 2014
Expires date: Tuesday, March 14, 2017
Updated date: Monday, March 14, 2016
ASN: AS8972 PLUSSERVER-AS PlusServer AG,DE
Scanner detections:
Detections (100% detected)
| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | DownloadManager.AirSoftware.F, PUP.Optional.Installer.F, PUP.Installer.InstallManager.F, PUP.Installer.InstallManager.P, PUP.Installer.Fileangels.F, PUP.Installer.InstallManager.J, PUP.Adknowledge.InstallManager.Installer (M), PUP.AdKnowledge.Bundler.Installer.Meta (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Adknowledge.InstallM.Installer (M), PUP.Adknowledge (M) | 95.65% |
| Malwarebytes | PUP.Optional.AirInstaller, PUP.Optional.OutBrowse, PUP.Optional.AirAdInstaller, PUP.Optional.OptimumInstaller.A | 52.17% |
| VIPRE Antivirus | Iminent, OutBrowse, Threat.4665102, Threat.4784938, Threat.4778314, Threat.4150696 | 52.17% |
| avast! | Win32:Installer-L [PUP], Win32:Adware-BZI [PUP], Adware-gen [Adw] | 47.83% |
| Dr.Web | Adware.Downware.2035, Trojan.SMSSend.5492, Trojan.SMSSend.5436, Trojan.SMSSend.5502, Adware.iBryte.473, Trojan.SMSSend.5402 | 47.83% |
| Sophos | AirInstaller, iBryte Optimum Installer | 47.83% |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C, PE:Malware.iBryte!6.192B | 47.83% |
| Agnitum Outpost | PUA.AirAd, PUA.AirAdInstaller, PUA.Agent | 47.83% |
| Avira AntiVirus | ADWARE/Adware.Gen, ADWARE/Adware.Gen7 | 47.83% |
| Vba32 AntiVirus | AdWare.AirAdInstaller.ajov, AdWare.iBryte | 47.83% |
| IKARUS anti.virus | Win32.Malware, not-a-virus:AdWare.AirAdInstaller, PUA.AirAdInstaller, AdWare.iBryte | 47.83% |
| AVG | Generic_r, Adware BundleApp_r, Adware AdPlugin | 47.83% |
| K7 AntiVirus | Unwanted-Program | 47.83% |
| NANO AntiVirus | Riskware.Win32.AirAdInstaller.cwbkcs, Riskware.Win32.AirAdInstaller.deblit, Trojan.Win32.SMSSend.ddvfxt, Trojan.Win32.Agent.cxjjsz | 47.83% |
| MicroWorld eScan | Dropped:Adware.Generic.955625, Gen:Variant.Application.Bundler.Graftor.155900, Gen:Variant.Adware.Graftor.153852, Application.Bundler.Agent.B | 47.83% |
The domain download.ez-downloads.com has been seen to resolve to the following 6 IP addresses.
static-ip-62-75-207-166.inaddr.ip-pool.com (April 2, 2016)
108.168.218.35-static.reverse.softlayer.com (October 9, 2014)
justice.airinstaller.com (September 27, 2014)
173.192.195.228-static.reverse.softlayer.com (September 27, 2014)
empire.airinstaller.com (September 4, 2014)
chicago.airinstaller.com (April 4, 2014)
File downloads found at URLs served by download.ez-downloads.com.
The following files have been seen to communicate with download.ez-downloads.com in live environments.
URL: http://download.ez-downloads.com/
Web server: nginx/1.0.15 (PHP/5.3.3)