esd.superdownloads.com.br

Financeiro GrupoNZN

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Ashburn, Virginia, in the United States, on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.

Scanner detections:
Detections (98% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.W32Setup.i, PUP.InstallCore.Bundler (M), PUP.installCore.WorldSetup (M), PUP.installCore.Binstall (M), PUP.installCore.W32Setup (M), PUP.installCore.MaxSetup (M), PUP.installCore.WorldSet (M), PUP.installCore.Extended (M), PUP.installCore.SDInterN (M), PUP.installCore.SoftInst (M), PUP.installCore (M) | 100.00% |
| F-Prot | W32/A-90d5f9a4, W32/InstallCore.R.gen, W32/InstallCore.R3.gen | 18.37% |
| McAfee | CryptInno, Artemis!9593039B498E, Artemis!FC8A7FCB52D5, Artemis!E49E98DD24D8, Artemis!E86A3A34F7DD, Artemis!4A45A08A55AA, Artemis!BCAC2336C7A7, Artemis!6AD78CF07C4F | 16.33% |
| Trend Micro House Call | TROJ_GEN.R0CBC0EGH14, TROJ_GEN.F47V1010, TROJ_GEN.F47V1015, TROJ_GEN.F47V1004, TROJ_GEN.F47V1026, TROJ_GEN.F47V1006 | 16.33% |
| VIPRE Antivirus | Threat.5063361, InstallCore.b | 16.33% |
| Avira AntiVirus | ADWARE/InstallCore.Gen9, ADWARE/InstallCore.Gen7 | 16.33% |
| McAfee Web Gateway | CryptInno, Artemis!9593039B498E, Artemis!FC8A7FCB52D5, Artemis!E49E98DD24D8, Artemis!E86A3A34F7DD, Artemis!4A45A08A55AA | 16.33% |
| Comodo Security | UnclassifiedMalware, ApplicUnwnt | 14.29% |
| Dr.Web | Trojan.MulDrop5.10078, Adware.InstallCore.124 | 14.29% |
| Vba32 AntiVirus | Downware.InstallCore | 14.29% |
| Malwarebytes | PUP.Optional.InstallCore.A | 14.29% |
| SUPERAntiSpyware | PUP.InstallCore/Variant | 14.29% |
| ESET NOD32 | Win32/InstallCore.CU (variant) | 14.29% |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 14.29% |
| Bkav FE | W32.Clod055.Trojan, W32.Clodfce.Trojan, W32.Clod09b.Trojan, W32.Cloda66.Trojan | 8.16% |

The domain esd.superdownloads.com.br has been seen to resolve to the following 21 IP addresses.

File downloads found at URLs served by esd.superdownloads.com.br.

1 / 68      (Adware)

Latest 30 of 134 download URLs

The following 446 files have been seen to communicate with esd.superdownloads.com.br in live environments.

 
Latest 20 of 459 files

URL:
http://esd.superdownloads.com.br/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache