home

install.nznweb.com.br

Financeiro GrupoNZN

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
nznweb.com.br

Whois:
2 nznweb.com.br records

Scanner detections:
Detections  (97% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.DsNET.Atube.Installer.Meta, PUP.NoZebraNetworka.p, PUP.NoZebraNetworka.EE, PUP.NoZebraNetworka.W, PUP.NoZebraNetworka.h, PUP.NoZebraNetworka.V, (M), PUP.installCore.NoZebraNetworka (M), PUP.installCore.NoZebraN (M), PUP.installCore (M)
100.00%

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant), Win32/InstallCore.PL (variant)
37.14%

Malwarebytes
PUP.Optional.Installcore
37.14%

K7 AntiVirus
Unwanted-Program , Trojan
37.14%

VIPRE Antivirus
Trojan.Win32.Generic, InstallCore, Threat.4150696
37.14%

AVG
Generic
37.14%

F-Prot
W32/InstallCore.AC.gen
31.43%

Baidu Antivirus
Adware.Win32.InstallCore
28.57%

McAfee
Artemis!ACA28E362058, Artemis!FD6CFFC44458, Artemis!391319947327, Artemis!2A14364D4CF7, Artemis!0BFBA468420E
22.86%

Avira AntiVirus
ADWARE/InstallCore.Gen9, Adware/InstallCore.ZR, ADWARE/InstallCore.Gen7
22.86%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
17.14%

Sophos
Generic PUA LA, Install Core Click run software, PUA 'Install Core Click run software', Generic PUA HA, Generic PUA JL
14.29%

herdProtect (fuzzy)
a variant of 391088a0216a4d370530517f2669087318a1b0d1
8.57%

Rising Antivirus
PE:Trojan.Win32.Generic.174A015C!390725980, PE:Trojan.Win32.Generic.17768D74!393645428, PE:Trojan.Win32.Generic.17765B44!393632580
8.57%

Trend Micro House Call
Suspicious_GEN.F47V1006, Suspicious_GEN.F47V0927
8.57%

The domain install.nznweb.com.br has been seen to resolve to the following 14 IP addresses.

169.45.117.88
58.75.2da9.ip4.static.sl-reverse.com
April 13, 2016

52.7.52.225
ec2-52-7-52-225.compute-1.amazonaws.com
April 3, 2016

52.2.172.241
ec2-52-2-172-241.compute-1.amazonaws.com
April 3, 2016

52.72.168.219
ec2-52-72-168-219.compute-1.amazonaws.com
March 3, 2016

52.5.110.233
ec2-52-5-110-233.compute-1.amazonaws.com
March 3, 2016

52.71.178.39
ec2-52-71-178-39.compute-1.amazonaws.com
March 2, 2016

54.88.180.217
ec2-54-88-180-217.compute-1.amazonaws.com
February 1, 2016

54.86.244.182
ec2-54-86-244-182.compute-1.amazonaws.com
February 1, 2016

52.6.117.101
ec2-52-6-117-101.compute-1.amazonaws.com
October 26, 2015

52.1.165.70
ec2-52-1-165-70.compute-1.amazonaws.com
October 26, 2015

54.84.145.14
ec2-54-84-145-14.compute-1.amazonaws.com
December 2, 2014

54.88.6.212
ec2-54-88-6-212.compute-1.amazonaws.com
December 2, 2014

54.210.182.155
ec2-54-210-182-155.compute-1.amazonaws.com
November 17, 2014

54.165.220.75
ec2-54-165-220-75.compute-1.amazonaws.com
November 17, 2014

File downloads found at URLs served by install.nznweb.com.br.

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../easeus-mobisaver-free-22-22-4102903.exe  (easeus-mobisaver-free-4-6-build-2014-09-19-32-bits.exe)

10 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../winrar-74-9-4102903.exe  (winrar-5-11-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../dj-audio-editor-73-01-4102903.exe  (dj-audio-editor-4-8-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../authorsoft-usb-disk-storage-format-tool-7-12-4102992.exe  (authorsoft-usb-disk-storage-format-tool-5-0-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../legendas-02-02-4102903.exe  (legendas-2-32-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../audacity-portable-8-21-4102903.exe  (audacity-portable-2-0-5-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../skype-44-6-4102011.exe  (skype-6-20-0-104-32-bits.exe)

0 / 68
http://install.nznweb.com.br/nocache/programas/urls/iron/.../photoscape-4-22-4102903.exe  (photoscape-3-7-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../phoxo-82-22-4102903.exe  (phoxo-8-2-0-32-bits.exe)

12 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../mozilla-firefox-64-81-4102992.exe  (mozilla-firefox-32-0-3-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../namebench-1-11-4102903.exe  (namebench-1-3-1-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../internet-explorer-8-windows-vista--21-81-4102903.exe  (internet-explorer-8-windows-vista-final-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../dvd-shrink-14-91-4102903.exe  (dvd-shrink-3-2-0-15-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../bittorrent-turbo-accelerator-25-0-4102011.exe  (bittorrent-turbo-accelerator-3-9-0-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../windows-photo-gallery-83-81-4102992.exe  (windows-photo-gallery-16-4-3522-0110-32-bits.exe)

1 / 68      (Malware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../windows-movie-maker-2-95-22-4102903.exe  (filehost_counter-strike go pro.exe)

11 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../atube-catcher-85-41-4102992.exe  (atube-catcher-3-8-7980-32-bits.exe)

11 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../atube-catcher-2-12-4102992.exe  (atube-catcher-3-8-7980-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../doro-pdf-writer-61-02-4102903.exe  (doro-pdf-writer-1-92-32-bits.exe)

9 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../bittorrent-95-91-4102903.exe  (icreinstall_bittorrent-7-9-2-build-34312-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../gom-player-03-22-4102903.exe  (gom-player-2-2-62-5209-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../dynamic-photo-hdr-81-91-4102903.exe  (dynamic-photo-hdr-5-3-32-bits.exe)

13 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../photoscape-03-22-4102992.exe  (icreinstall_photoscape-3-7-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../origin-63-41-4102903.exe  (origin-9-4-21-2812-32-bits.exe)

13 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../photoscape-83-12-4102903.exe  (icreinstall_photoscape-3-7-32-bits.exe)

1 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../sun-java-system-application-server-platform-edition-04-01-4102903.exe  (sun-java-system-application-server-platform-edition-8-2-32-bits.exe)

2 / 68      (PUP)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../atube-catcher-83-91-4102992.exe  (atubecatcher.exe)

10 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../windows-movie-maker-7-51-4102903.exe  (windows-movie-maker-2012-16-4-3522-0110-32-bits.exe)

9 / 68      (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../adobe-reader-3-91-4102992.exe  (icreinstall_adobe-reader-11-0-9-32-bits.exe)

13 / 68    (Adware)
http://install.nznweb.com.br/nocache/programas/urls/iron/.../photoscape-94-0-4102011.exe  (icreinstall_photoscape-3-7-32-bits.exe)

 
Latest 30 of 43 download URLs

The following file have been seen to comunicate with install.nznweb.com.br in live environments.

TCP » 169.45.117.88:80
UCBrowser.exe (UC Browser by UCWeb)

URL:
http://install.nznweb.com.br/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-HTTPAPI/2.0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.