www.download-fast.net

Whois Privacy Corp.

Domain Information

The domain www.download-fast.net, registered by Whois Privacy Corp., was initially registered in June of 2013 through INTERNET.BS CORP. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in San Francisco, California, in the United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP addresses (see below).
Registrar: INTERNET.BS CORP.

Server location: California, United States (US)

Create date: Wednesday, June 19, 2013

Expires date: Friday, June 19, 2015

Updated date: Thursday, January 22, 2015

ASN: AS13335 CLOUDFLARENET - CloudFlare, Inc.

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.Amonetizeltd.?, PUP.Installer.Amonetizeltd.j, PUP.Installer.Amonetizeltd.F | 100.00% |
| Malwarebytes | PUP.Optional.InstallMonetizer, PUP.Optional.Amonetize.A | 100.00% |
| Sophos | Amonetize | 100.00% |
| Dr.Web | Adware.Downware.1655, Adware.Downware.1528, Adware.Downware.2467 | 100.00% |
| VIPRE Antivirus | Amonetize | 100.00% |
| ESET NOD32 | Win32/Amonetize (variant), Win32/Amonetize.AJ (variant) | 100.00% |
| McAfee | Artemis!0FA6618F5009, Artemis!EE825659E674 | 66.67% |
| Trend Micro House Call | TROJ_GEN.F47V1205, TROJ_GEN.F47V0409 | 66.67% |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 66.67% |
| MicroWorld eScan | Gen:Variant.Graftor.122916 | 33.33% |
| K7 AntiVirus | Trojan | 33.33% |
| Bitdefender | Gen:Variant.Graftor.122916 | 33.33% |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.122916 | 33.33% |
| F-Secure | Gen:Variant.Graftor.122916 | 33.33% |
| G Data | Gen:Variant.Graftor.122916 | 33.33% |

The domain www.download-fast.net has been seen to resolve to the following 3 IP addresses.

May 5, 2015

(CloudFlare)
February 7, 2014

(CloudFlare)
February 7, 2014

File downloads found at URLs served by www.download-fast.net.

16 / 68    (Adware)
http://www.download-fast.net/download.php?id=tocsik&title=Fun-Run-Money-Hack  (cmi8738pci6chlxhrtf3daudiodriverfree__2681_i178209098_il7568691.exe)

8 / 68      (Adware)

8 / 68      (Adware)

The following files have been seen to communicate with www.download-fast.net in live environments.

URL: http://www.download-fast.net/

Title: “Loading....”

Web server: Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)