www1.ww4.fb-hosting-apps.com

PERFECT PRIVACY, LLC (Proxy Registrant)

Domain Information

The domain www1.ww4.fb-hosting-apps.com is registered by proxy through DOMAIN STOPOVER LLC and was originally registered in March 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Belfast, Northern Ireland, United Kingdom, on the RIPE Network Coordination Centre network.
Registrar:
DOMAIN STOPOVER LLC

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Wednesday, March 23, 2016

Expires date:
Thursday, March 23, 2017

Updated date:
Wednesday, March 23, 2016

Scanner detections:
Detections (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Installer.KOMPANIYAR.n, PUP.Amonetize.Bundler (M), Adware.Amonetize.Installer.Meta (M), Adware.Amonetize.AT (M)
95.92%

AhnLab V3 Security
PUP/Win32.Amonetiz
61.22%

Baidu Antivirus
Adware.Win32.Amonetize
61.22%

avast!
Win32:Amonetize-AX [PUP], Win32:Dropper-gen [Drp], Win32:Amonetize-BJ [PUP], Win32:Adware-gen [Adw], Win32:Amonetize-BX [PUP]
59.18%

Sophos
Amonetize, Virus 'W32/Ramnit-A'
57.14%

ESET NOD32
Win32/Amonetize.AO (variant), Win32/Amonetize.AS (variant), Win32/Amonetize.AW (variant), Win32/Amonetize.BG (variant)
57.14%

Avira AntiVirus
ADWARE/Adware.Gen2
53.06%

Malwarebytes
PUP.Optional.Amonetize, PUP.Optional.Amonetize.A, PUP.Optional.Monetizer
51.02%

AVG
Generic_r, Amonetize, BundleApp_r.R, Win32/Zbot.F, Adware Generic_r.OM
48.98%

McAfee
Artemis!DA2B823A2D32, Artemis!A29FEB5E45FD, Artemis!C66D39C64226, RDN/Generic PUP.x!cds, Artemis!7050E7A1E35B, PUP-FBM!A9E228F8ABC7, Artemis!AF0E5359F389, PUP-FBM!39E08FA9A510, PUP-FBM!8D4430211424, PUP-FBM!69197AEC1722, PUP-FBM!0729518DDEAF, PUP-FBM!FF207D9E04FF, PUP-FBM!19B373E7B425, PUP-FBM!B9EF78E1C7B3, PUP-FBM!2A6E1C116AD4, Artemis!209142A22B7B, PUP-FBM!F8D207785B0F, Artemis!BFFF8E1A7485
46.94%

McAfee Web Gateway
Artemis!DA2B823A2D32, Heuristic.LooksLike.Win32.Suspicious.I, Artemis!C66D39C64226, Artemis!B63CD33B18CE, Artemis!7050E7A1E35B
44.90%

Dr.Web
Adware.Downware.3547, Adware.Downware.3925, Adware.Downware.5717, Adware.Downware.5044, Adware.Downware.4356, Trojan.Amonetize.353
42.86%

VIPRE Antivirus
Trojan.Win32.Generic, Amonetize, Threat.4785227, Threat.4732184
42.86%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize, Virus.Win32.Nimnul
38.78%

Rising Antivirus
PE:Malware.Adware!6.1890, PE:Malware.Adware!6.1574, PE:Malware.Adware!6.198D, PE:Trojan.Win32.Generic.16DFD497!383767703
38.78%

The domain www1.ww4.fb-hosting-apps.com has been seen to resolve to the following 11 IP addresses.

July 18, 2016

ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
July 7, 2016

April 2, 2016

ns1.ibspark.com
January 27, 2016

unallocated.barefruit.co.uk
May 3, 2015

July 23, 2014

July 23, 2014

(CloudFlare)
June 20, 2014

(CloudFlare)
June 20, 2014

(CloudFlare)
May 13, 2014

(CloudFlare)
May 13, 2014

File downloads found at URLs served by www1.ww4.fb-hosting-apps.com.

Latest 30 of 418 download URLs

The following 578 files have been seen to communicate with www1.ww4.fb-hosting-apps.com in live environments.

Latest 20 of 603 files

URL:
http://www1.ww4.fb-hosting-apps.com/

Title:
“fb-hosting-apps.com”

Web server:
nginx