www.wonderfuldownload.com

Corp New Ventures Services

Domain Information

The domain www.wonderfuldownload.com registered by Corp New Ventures Services was initially registered in January of 2015 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
NOTSOFAMOUSNAMES.COM LLC

Server location:
Virginia, United States (US)

Create date:
Monday, January 19, 2015

Expires date:
Thursday, January 19, 2017

Updated date:
Monday, April 11, 2016

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Scanner detections:
Detections  (93% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Amonetizeltd.EE, PUP.Installer.Amonetizeltd.DD, PUP.Installer.Amonetizeltd.h, PUP.Win.Reputation, Threat.Win.Reputation.IMP
93.33%

Malwarebytes
PUP.Optional.Amonetize, PUP.Optional.Monetizer
83.33%

Avira AntiVirus
ADWARE/Adware.Gen2
83.33%

avast!
Win32:Amonetize-F [PUP], Win32:Amonetize-AX [PUP], Win32:Amonetize-BJ [PUP]
80.00%

ESET NOD32
Win32/Amonetize.AD (variant), Win32/Amonetize.AG (variant), Win32/Amonetize.AO (variant), Win32/Amonetize.AS (variant)
76.67%

AhnLab V3 Security
PUP/Win32.Amonetiz
76.67%

Sophos
Amonetize
73.33%

Baidu Antivirus
Adware.Win32.Amonetize, Adware.Win32.ScrambleWrapper
73.33%

McAfee Web Gateway
Adware-Amonetize!837B29452906, Adware-Amonetize!ABB4E18C0F6D, Artemis!7050E7A1E35B, Heuristic.LooksLike.Win32.Suspicious.I
70.00%

McAfee
Adware-Amonetize!837B29452906, Adware-Amonetize!ABB4E18C0F6D, Artemis!7050E7A1E35B, Artemis!AF3BE0A2F776, Artemis!9037D4F76A3F, RDN/Generic PUP.x!c2a, Artemis!189B08670FA1, Artemis!E69D98308B58, PUP-FBM, PUP-FBM!F12E8D0B4991, PUP-FBM!116397B989EA
63.33%

Dr.Web
Adware.Downware.1655, Adware.Downware.3925, Adware.Downware.3868
63.33%

VIPRE Antivirus
Amonetize, Threat.4785227, Trojan.Win32.Generic
63.33%

AVG
MalSign.Generic, Generic_r, Adware Generic_r.MG
56.67%

Trend Micro House Call
TROJ_GEN.F47V0214, TROJ_GEN.F47V0219, TROJ_GEN.F47V0521, TROJ_GEN.F47V0513, TROJ_GEN.F47V0524, TROJ_GEN.F47V0525, TROJ_GEN.R0CBB01EO14
53.33%

Fortinet FortiGate
Riskware/Amonetize
53.33%

The domain www.wonderfuldownload.com has been seen to resolve to the following 8 IP addresses.

July 22, 2016

April 17, 2016

May 3, 2015

December 5, 2014

209.222.14.3.choopa.net
December 1, 2014

ec2-50-17-240-69.compute-1.amazonaws.com
May 23, 2014

ec2-107-21-115-114.compute-1.amazonaws.com
April 26, 2014

ec2-54-235-68-127.compute-1.amazonaws.com
April 26, 2014

File downloads found at URLs served by www.wonderfuldownload.com.

 
Latest 30 of 56 download URLs

The following 8 files have been seen to comunicate with www.wonderfuldownload.com in live environments.

URL:
http://www.wonderfuldownload.com/

Google Analytics:
UA-19309218

Title:
“wonderfuldownload.com - This website is for sale! - wonderfuldownload Resources and Information.”

Title (12/1/2014):
“wonderfuldownload.com”

Title (5/3/2015):
“Wonderfuldownload.com”

Description:
“This website is for sale! wonderfuldownload.com is your first and best source for information about wonderfuldownload . Here you will also find topics relating to issues of general interest. We hope you find what you are looking for!”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx (PHP/5.3.3-7+squeeze28)

30 of 93 related domains