» g.zip2get.work
Overview
Analysis
IPs Addresses (2)
Downloads (1)
Network (1)

g.zip2get.work

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

zip2get.work

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Threat.Win.Reputation.IMP

100.00%

F-Secure

Gen:Variant.Adware.MPlug

100.00%

avast!

Win32:MultiPlug-ZD [PUP]

100.00%

ESET NOD32

Win32/Adware.MultiPlug.IW application

100.00%

Lavasoft Ad-Aware

Gen:Variant.Adware.MPlug.38

100.00%

Emsisoft Anti-Malware

Gen:Variant.Adware.MPlug.38

100.00%

Sophos

PUA 'MultiPlug' (of type Adware)

100.00%

MicroWorld eScan

Gen:Variant.Adware.MPlug.38

100.00%

McAfee

MultiPlug-FXR

100.00%

Malwarebytes

PUP.Optional.MultiPlug

100.00%

K7 AntiVirus

Unwanted-Program

100.00%

NANO AntiVirus

Trojan.Win32.DownLoader12.dquqvq

100.00%

F-Prot

W32/S-6e476ff7

100.00%

Bitdefender

Gen:Variant.Adware.MPlug.38

100.00%

Avira AntiVirus

TR/Crypt.XPACK.Gen

100.00%

The domain g.zip2get.work has been seen to resolve to the following 2 IP addresses.

52.26.142.209

ec2-52-26-142-209.us-west-2.compute.amazonaws.com

July 1, 2015

52.11.167.137

ec2-52-11-167-137.us-west-2.compute.amazonaws.com

July 1, 2015

File downloads found at URLs served by g.zip2get.work.

22 / 68 (PUP)

http://g.zip2get.work/v21098?self_redirect=0&product_name= Pokemon - Emerald Version (U)&file_size=&product_title= Pokemon - Emerald Version (U)&installer_file_name= Pokemon - Emerald Version (U)&product_file_name= Pokemon - Emerald Version (U).zip&product_download_url=http://www.loveroms.com/r/Gameboy Advance/.../Pokemon - Emerald Version (U).zip (-pokemon - emerald version (u).exe)

The following file have been seen to comunicate with g.zip2get.work in live environments.

TCP » 52.11.167.137:80

download.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.