This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Ashburn, Virginia, United States, on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrant: Financeiro GrupoNZN
Server location: Virginia, United States (US)
ASN: AS14618 AMAZON-AES - Amazon.com, Inc.
Scanner detections: Detections (98% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.W32Setup.i, PUP.InstallCore.Bundler (M), PUP.installCore.WorldSetup (M), PUP.installCore.Binstall (M), PUP.installCore.W32Setup (M), PUP.installCore.MaxSetup (M), PUP.installCore.WorldSet (M), PUP.installCore.Extended (M), PUP.installCore.SDInterN (M), PUP.installCore.SoftInst (M), PUP.installCore (M) | 100.00%
F-Prot | W32/A-90d5f9a4, W32/InstallCore.R.gen, W32/InstallCore.R3.gen | 18.37%
McAfee | CryptInno, Artemis!9593039B498E, Artemis!FC8A7FCB52D5, Artemis!E49E98DD24D8, Artemis!E86A3A34F7DD, Artemis!4A45A08A55AA, Artemis!BCAC2336C7A7, Artemis!6AD78CF07C4F | 16.33%
Trend Micro House Call | TROJ_GEN.R0CBC0EGH14, TROJ_GEN.F47V1010, TROJ_GEN.F47V1015, TROJ_GEN.F47V1004, TROJ_GEN.F47V1026, TROJ_GEN.F47V1006 | 16.33%
VIPRE Antivirus | Threat.5063361, InstallCore.b | 16.33%
Avira AntiVirus | ADWARE/InstallCore.Gen9, ADWARE/InstallCore.Gen7 | 16.33%
Comodo Security | UnclassifiedMalware, ApplicUnwnt | 14.29%
Dr.Web | Trojan.MulDrop5.10078, Adware.InstallCore.124 | 14.29%
Vba32 AntiVirus | Downware.InstallCore | 14.29%
Malwarebytes | PUP.Optional.InstallCore.A | 14.29%
SUPERAntiSpyware | PUP.InstallCore/Variant | 14.29%
ESET NOD32 | Win32/InstallCore.CU (variant) | 14.29%
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 14.29%
Bkav FE | W32.Clod055.Trojan, W32.Clodfce.Trojan, W32.Clod09b.Trojan, W32.Cloda66.Trojan | 8.16%
ESET NOD32 | Win32/InstallCore.ON potentially unwanted application, Win32/InstallCore.BX potentially unwanted application | 4.08%
The domain esd.superdownloads.com.br has been seen to resolve to the following 21 IP addresses.
File downloads found at URLs served by esd.superdownloads.com.br.
Latest 30 of 134 download URLs
The following 446 files have been seen to communicate with esd.superdownloads.com.br in live environments.
URL: http://esd.superdownloads.com.br/
Network: Amazon Web Services (AWS), running an EC2 instance