aafs.ezdownloadpro.info

Rafael Leviev  (via a Proxy Registrant)

Domain Information

The domain aafs.ezdownloadpro.info is registered by proxy through Active Registrar, Inc. (R469-LRMS). This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter. The domain is associated with the publisher Rafael Leviev who is located in Shfela, Israel.
Registrar:
Active Registrar, Inc. (R469-LRMS)

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

ESET NOD32
Win32/Adware.MultiPlug.FC application, Win32/Adware.MultiPlug.FK application
100.00%

F-Secure
Gen:Variant.Adware.Mikey
80.00%

Dr.Web
Trojan.DownLoader12.35786, Trojan.DownLoader12.35867, Trojan.DownLoader12.35697
80.00%

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.8516
80.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.8516
80.00%

avast!
Win32:MultiPlug-WR [PUP]
80.00%

McAfee
Trojan.PWS-Zbot.gen.ep
80.00%

Sophos
PUA 'MultiPlug' (of type Adware)
80.00%

MicroWorld eScan
Gen:Variant.Adware.Mikey.8516
80.00%

Malwarebytes
PUP.Optional.Unizeto
80.00%

Zillya! Antivirus
Adware.MultiPlug.Win32.225867, Adware.MultiPlug.Win32.225850, Adware.MultiPlug.Win32.225862
80.00%

K7 AntiVirus
Unwanted-Program
80.00%

Bitdefender
Gen:Variant.Adware.Mikey.8516
80.00%

F-Prot
W32/MultiPlug.H.gen
80.00%

The domain aafs.ezdownloadpro.info has been seen to resolve to the following 3 IP addresses.

September 15, 2016

ec2-54-69-228-231.us-west-2.compute.amazonaws.com
May 2, 2015

ec2-54-149-241-47.us-west-2.compute.amazonaws.com
May 2, 2015

File downloads found at URLs served by aafs.ezdownloadpro.info.

The following 3 files have been seen to comunicate with aafs.ezdownloadpro.info in live environments.

URL:
http://aafs.ezdownloadpro.info/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
openresty