www.bestflvplayer.net

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain www.bestflvplayer.net is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in April of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Dublin City, Ireland (IE)

Create date:
Monday, April 09, 2012

Expires date:
Sunday, April 09, 2017

Updated date:
Wednesday, March 30, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ClickRunSoftware.F, (M), PUP.Coolapptech.F, Threat.Win.Reputation.IMP, PUP.InstallCore.Installer (M), PUP.installCore.Clickrunsoftware.Installer (M), PUP.installCore.CoolAppDownloads.Installer (M), PUP.installCore.Clickrun.Installer (M), PUP.InstallCore.RE.Installer (M), PUP.InstallCore.FC.Installer (M), PUP.InstallCore.RE11 (M), PUP.installCore.Coolappt.Installer (M), PUP.installCore (M)
87.23%

Dr.Web
Trojan.Packed.24524, Adware.InstallCore.43, Adware.InstallCore.45, Adware.MediaFinder.2, Adware.InstallCore.42, Adware.InstallCore.75, Adware.InstallCore.80
34.04%

VIPRE Antivirus
InstallCore, Click run software, Trojan.Win32.Generic, Threat.4754767, Threat.4150696
31.91%

F-Prot
W32/InstallCore.R3.gen, W32/Backdoor2.HMGG, W32/InstallCore.V2.gen, W32/InstallCore.G.gen, W32/InstallCore.N.gen, W32/InstallCore.P.gen
25.53%

Sophos
Install Core Click run software, PUA 'Install Core Click run software'
23.40%

avast!
Win32:InstallCore-AR [PUP], Win32:InstallCore-BE [PUP], Win32:InstallCore-GB [PUP], Win32:Malware-gen, Win32:Adware-gen [Adw]
21.28%

Trend Micro House Call
TROJ_GEN.F47V1112, TROJ_GEN.R0CBH0AJG13, TROJ_SPNR.0BIF12, ADW_INSTALLCORE, TROJ_SPNR.0BJF13, HV_INSTALLCORE_BK0835A2.TOMC
19.15%

Comodo Security
Application.Win32.Agent.AL, Application.Win32.WebToolbar.InstallCore.~A, UnclassifiedMalware, Application.Win32.ClickRun.J
19.15%

Avira AntiVirus
Adware/InstallCo.CH, APPL/Downloader.Gen6, ADWARE/InstallCore.Gen, PUA/InstallCore.Gen
19.15%

Kingsoft AntiVirus
Win32.Troj.Generic.a.(kcloud), Win32.Troj.InstallCore.(kcloud), Win32.Troj.InstallCore.a.(kcloud)
19.15%

ESET NOD32
Win32/InstallCore.CH (variant), Win32/InstallCore (variant), Win32/InstallCore.AB (variant), Win32/InstallCore.AL (variant)
19.15%

McAfee
Artemis!3EDAEDD65A2C, Artemis!39C4E0446E04, Artemis!F2812C9EBB76, Artemis!D2B27B023729, Artemis!F21D52928DD0, Artemis!EE1110BE52AF
19.15%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
17.02%

K7 AntiVirus
Unwanted-Program , Trojan
17.02%

K7 Gateway Antivirus
Unwanted-Program , Adware , Trojan
17.02%

The domain www.bestflvplayer.net has been seen to resolve to the following 12 IP addresses.

ec2-54-194-169-19.eu-west-1.compute.amazonaws.com
June 19, 2015

ec2-54-72-121-228.eu-west-1.compute.amazonaws.com
June 19, 2015

ec2-54-229-24-120.eu-west-1.compute.amazonaws.com
June 19, 2015

ec2-54-72-149-41.eu-west-1.compute.amazonaws.com
April 11, 2014

ec2-54-246-208-251.eu-west-1.compute.amazonaws.com
April 11, 2014

ec2-54-72-141-38.eu-west-1.compute.amazonaws.com
April 11, 2014

ec2-54-244-249-150.us-west-2.compute.amazonaws.com
February 6, 2014

ec2-50-112-94-132.us-west-2.compute.amazonaws.com
February 6, 2014

ec2-50-112-240-188.us-west-2.compute.amazonaws.com
February 6, 2014

ec2-54-244-119-198.us-west-2.compute.amazonaws.com
November 16, 2013

ec2-54-244-119-191.us-west-2.compute.amazonaws.com
November 16, 2013

ec2-54-244-244-28.us-west-2.compute.amazonaws.com
November 16, 2013

File downloads found at URLs served by www.bestflvplayer.net.

1 / 68      (Malware)

1 / 68      (Malware)

0 / 68
http://www.bestflvplayer.net/.../FLVPlayerSetup_MMM.exe  (c7b2ea51f402ea0c39cc80e21e0eb539)

1 / 68      (Adware)

1 / 68      (Malware)

1 / 68      (Malware)

1 / 68      (Malware)

29 / 68    (PUP)