toolkitfreefast.com

WEB PICK - INTERNET HOLDINGS LTD  (via a Proxy Registrant)

Domain Information

This is WebPick Internet Holdings adware distribution test and deliver website where is generates adware bundles and provides distribution to its test clients. The domain toolkitfreefast.com is registered by proxy through NAME.COM, INC. and was originally registered in February of 2014. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform. The domain is associated with the publisher WEB PICK - INTERNET HOLDINGS LTD who is located in Ramat Hasharon, Israel.
Remove Malware from toolkitfreefast.com - Powered by Reason Core Security
Registrar:
NAME.COM, INC.

Server location:
Virginia, United States (US)

Create date:
Tuesday, February 25, 2014

Expires date:
Thursday, February 25, 2016

Updated date:
Friday, November 28, 2014

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer.CC, Adware.WebPick.Installer.x, Adware.WebPick.Installer.l, Adware.WebPick.Installer.?, Adware.WebPick.Installer.AA, PUP.OlehAleksyuk.f, PUP.OlehAleksyuk.c, Adware.WebPick.Installer.y, Adware.WebPick.Installer.e, PUP.OlehAleksyuk.U, Adware.WebPick.Installer.m, Adware.WebPick.Installer.L, PUP.StanislavKabin.AA, Adware.WebPick.Installer.f, Adware.WebPick.Installer.p, Adware.WebPick.Installer.k, Adware.WebPick.Installer.u, Threat.Win.Reputation.IMP, PUP.StanislavKabin.N, Adware.AdInjector.Installer.WebPick, Adware.WebPick.Installer (M), PUP.WebPick.StanislavKabin (M), PUP.OlehAleksyuk (M)
90.24%

AVG
Generic5, Adware Generic5.BJRY, Adware Generic5.BJIZ, Adware Generic5.BGCS, Adware Generic_r.QP, Adware Generic5.BIEG, Adware Generic5.BJRU
68.29%

McAfee
MultiPlug, PUP-FHQ, PUP-FMK, PUP-FMH, CryptMplug, Program.MultiPlug, Program.MultiPlug-FOQ, Program.PUP-FHQ, Program.CryptMplug
65.85%

Malwarebytes
PUP.Optional.MultiPlug, PUP.Optional.InstalleRex, PUP.Optional.Multiplug, PUP.Optional.Installrex, PUP.Optional.InstallRex
65.85%

Avira AntiVirus
ADWARE/Adware.Gen4, Adware/InstallRex.fgw, Adware/MultiPlug.bfp, TR/Crypt.XPACK.Gen, TR/Kazy.324119.50, TR/Kazy.324119.29
65.85%

McAfee Web Gateway
MultiPlug, BehavesLike.Win32.Downloader.fc, BehavesLike.Win32.CryptDoma.cc, BehavesLike.Win32.Downloader.bc, BehavesLike.Win32.MPlug.bc
65.85%

Comodo Security
Application.Win32.GreenApp.RR, Application.Win32.InstalleRex.KG, Application.Win32.MultiPlug.PNU
63.41%

Kaspersky
Trojan.Win32.AntiFW, HEUR:Trojan.Win32.Generic, not-a-virus:AdWare.Win32.MultiPlug
63.41%

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot, Trojan.Win32.XPACK.deopuj, Trojan.Win32.XPACK.demprr, Riskware.Win32.MultiPlug.debchp, Riskware.Win32.MultiPlug.ddytwh
63.41%

avast!
Win32:InstalleRex-CD [PUP], Win32:MultiPlug-DS [PUP], Win32:MultiPlug-DI [PUP], Win32:InstalleRex-CM [PUP], Win32:InstalleRex-CG [PUP]
60.98%

F-Prot
W32/InstallRex.B, W32/A-40c0358e, W32/A-bbddb9ba, W32/InstallRex.B.gen, W32/A-5c857854, W32/A-853b85bc, W32/A-90424497, W32/A-2d7ab1b7
60.98%

K7 AntiVirus
Unwanted-Program , Adware
60.98%

K7 Gateway Antivirus
Unwanted-Program , Trojan , Adware
60.98%

Vba32 AntiVirus
Downware.TSU, SScope.Adware.MultiPlug, Downware.MultiPlug.gen, AdWare.MultiPlug, AdWare.Agent
60.98%

Sophos
InstallRex, MultiPlug, PUA 'MultiPlug' (of type Adware), PUA 'InstallRex'
58.54%

The domain toolkitfreefast.com has been seen to resolve to the following 18 IP addresses.

ec2-52-27-166-51.us-west-2.compute.amazonaws.com
October 7, 2015

ec2-52-24-161-49.us-west-2.compute.amazonaws.com
June 30, 2015

ec2-54-148-67-213.us-west-2.compute.amazonaws.com
November 29, 2014

ec2-54-68-171-13.us-west-2.compute.amazonaws.com
November 29, 2014

ec2-54-68-85-18.us-west-2.compute.amazonaws.com
September 10, 2014

ec2-54-68-142-187.us-west-2.compute.amazonaws.com
September 10, 2014

ec2-54-167-174-238.compute-1.amazonaws.com
September 4, 2014

ec2-54-91-118-83.compute-1.amazonaws.com
September 2, 2014

ec2-54-213-175-182.us-west-2.compute.amazonaws.com
August 26, 2014

ec2-54-191-153-135.us-west-2.compute.amazonaws.com
August 26, 2014

ec2-54-191-209-50.us-west-2.compute.amazonaws.com
August 19, 2014

ec2-54-191-186-103.us-west-2.compute.amazonaws.com
July 23, 2014

ec2-54-191-83-149.us-west-2.compute.amazonaws.com
July 7, 2014

ec2-54-191-92-197.us-west-2.compute.amazonaws.com
July 7, 2014

ec2-54-191-42-81.us-west-2.compute.amazonaws.com
July 7, 2014

ec2-54-191-92-23.us-west-2.compute.amazonaws.com
July 7, 2014

ec2-54-187-76-32.us-west-2.compute.amazonaws.com
June 13, 2014

ec2-54-186-255-26.us-west-2.compute.amazonaws.com
April 25, 2014

File downloads found at URLs served by toolkitfreefast.com.

 
Latest 30 of 2,320 download URLs

URL:
http://toolkitfreefast.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
ngx_openresty (PHP/5.4.37)

Facebook:
Shares:  2

Statistics above are for the previous month of November 2016.

Remove Malware from toolkitfreefast.com - Powered by Reason Core Security