home

a.fieldbest.info

Zakir Zakirov

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
Dynadot, LLC (R259-LRMS)

Server location:
Dublin City, Ireland (IE)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
fieldbest.info

Whois:
1 fieldbest.info record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Amonetize (M)
66.67%

Dr.Web
infected with Trojan.Amonetize.4075
33.33%

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
33.33%

VIPRE Antivirus
Amonetize
33.33%

K7 AntiVirus
Unwanted-Program
33.33%

Arcabit
PUP.Adware.Amonetize.eal
33.33%

NANO AntiVirus
Riskware.Win32.Amonetize.dvuebx
33.33%

F-Prot
W32/Amonetize.X.gen
33.33%

ESET NOD32
Win32/Amonetize.HN potentially unwanted (variant)
33.33%

Trend Micro House Call
TROJ_GE.BD04F741
33.33%

Trend Micro
TROJ_GE.BD04F741
33.33%

Sophos
Generic PUA EJ (PUA)
33.33%

Avira AntiVirus
ADWARE/Amonetize.kpb
33.33%

G Data
Win32.Application.Agent.5KZEBV
33.33%

McAfee
Program.Artemis!C598B1918F6F
33.33%

The domain a.fieldbest.info has been seen to resolve to the following 4 IP addresses.

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
September 2, 2016

185.53.179.10
August 29, 2016

104.27.183.8
September 1, 2015

104.27.182.8
September 1, 2015

File downloads found at URLs served by a.fieldbest.info.

1 / 68      (PUP)
http://a.fieldbest.info/v20050?product_name=Key_Avast_Premier_To_2018&product_title=Key_Avast_Premier_To_2018&installer_file_name=Key_Avast_Premier_To_2018&product_file_name=Key_Avast_Premier_To_2018.rar&product_download_url=http://srv02.hulkload.com/files/0/.../Key Avast Premier To 2018.rar  (keyavastpremierto__15047_i1596615453_il1882602.exe.rar)

1 / 68      (PUP)
http://a.fieldbest.info/v20050?product_name=???????_????????&product_title=???????_????????&installer_file_name=???????_????????&product_file_name=???????_????????.rar&product_download_url=http://srv02.hulkload.com/files/9/.../??????? ????????.rar  (setup__15047_i1595497283_il1717987.exe.rar)

20 / 68    (PUP)
http://a.fieldbest.info/v20050?product_name=iphone_4s&product_title=iphone_4s&installer_file_name=iphone_4s&product_file_name=iphone_4s.exe&product_download_url=http://s1.hulkload.com/files/7/.../iphone_4s.exe  (iphones__15047_i1605841912_il2027194.exe.rar)

The following 215 files have been seen to comunicate with a.fieldbest.info in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 219 files

URL:
http://a.fieldbest.info/

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=sni111615.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (PHP/5.4.37)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.