home

playnow.vpsdomain4.eu

NOT DISCLOSED!  (Proxy Registrant)

Domain Information

The domain playnow.vpsdomain4.eu is registered by proxy through Internet.bs Corp.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
Internet.bs Corp.

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.

Root domain:
vpsdomain4.eu

Whois:
1 vpsdomain4.eu record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), DownloadManager.AirSoftware.F, PUP.Air Software.AirSoftware.Bundler (M), PUP.Air Software.AirSoftw.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.NewMedia.NMH.Bundler (M), PUP.AdGazelle.Verified.Installer (M), PUP.Downloadius.Web.Installer (M), PUP.Air Software (M)
100.00%

Avira AntiVirus
ADWARE/Adware.Gen, Adware/AgentCV.A.6255, APPL/AirInstaller.F
56.25%

IKARUS anti.virus
Win32.SuspectCrc, Trojan.SuspectCRC
43.75%

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cwbyev, Riskware.Win32.AirAdInstaller.cwanhi
43.75%

Qihoo 360 Security
Malware.QVM01.Gen
43.75%

Malwarebytes
PUP.Optional.AirAdInstaller
37.50%

avast!
Win32:Installer-L [PUP], Win32:Adware-gen [Adw]
37.50%

Agnitum Outpost
PUA.AirAd, PUA.AirAdInstaller
37.50%

Comodo Security
Application.Win32.AirAdInstaller.A, Application.Win32.AirAdInstaller.B
37.50%

Dr.Web
Trojan.SMSSend.4819, Trojan.SMSSend.4953
37.50%

VIPRE Antivirus
Iminent, Threat.4150696
37.50%

Sophos
AirInstaller
37.50%

AhnLab V3 Security
PUP/Win32.AirAdInstaller
37.50%

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
37.50%

Vba32 AntiVirus
AdWare.AirAdInstaller.ajov
37.50%

The domain playnow.vpsdomain4.eu has been seen to resolve to the following 4 IP addresses.

208.43.10.6
208.43.10.6-static.reverse.softlayer.com
September 7, 2014

208.43.10.5
208.43.10.5-static.reverse.softlayer.com
June 5, 2014

184.73.247.179
ec2-184-73-247-179.compute-1.amazonaws.com
June 5, 2014

107.170.48.188
March 15, 2014

File downloads found at URLs served by playnow.vpsdomain4.eu.

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaheaderFR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRsoftwarecpaBR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaheaderFR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaheaderFR.html  (setup.exe)

1 / 68      (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaheaderFR.html  (setup.exe)

1 / 68      (Malware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaheaderFR.html  (wrap_oal.dll)

24 / 68    (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaBR.html  (setup.exe)

30 / 68    (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaCA.html  (setup.exe)

28 / 68    (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaCA.html  (setup.exe)

28 / 68    (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaCA.html  (setup.exe)

27 / 68    (Adware)
http://playnow.vpsdomain4.eu/AIRhdmediaJP.html  (setup.exe)

25 / 68    (Adware)
http://playnow.vpsdomain4.eu/AIRmediaplayercpaheaderFR.html  (setup.exe)

URL:
http://playnow.vpsdomain4.eu/

Title:
“Update”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/7.5

Facebook:
Shares:  2

Alexa:
Global rank:  12,706

Statistics are for the previous month (Alexa statistics are for entire vpsdomain4.eu).

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.