install.nznweb.com.br

Financeiro GrupoNZN

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Ashburn, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (97% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Optional.DsNET.Atube.Installer.Meta, PUP.NoZebraNetworka.p, PUP.NoZebraNetworka.EE, PUP.NoZebraNetworka.W, PUP.NoZebraNetworka.h, PUP.NoZebraNetworka.V, (M), PUP.installCore.NoZebraNetworka (M), PUP.installCore.NoZebraN (M), PUP.installCore (M) | 100.00% |
| ESET NOD32 | Win32/Bundled.Toolbar.Ask (variant), Win32/InstallCore.PL (variant) | 37.14% |
| Malwarebytes | PUP.Optional.Installcore | 37.14% |
| K7 AntiVirus | Unwanted-Program, Trojan | 37.14% |
| VIPRE Antivirus | Trojan.Win32.Generic, InstallCore, Threat.4150696 | 37.14% |
| AVG | Generic | 37.14% |
| F-Prot | W32/InstallCore.AC.gen | 31.43% |
| Baidu Antivirus | Adware.Win32.InstallCore | 28.57% |
| McAfee | Artemis!ACA28E362058, Artemis!FD6CFFC44458, Artemis!391319947327, Artemis!2A14364D4CF7, Artemis!0BFBA468420E | 22.86% |
| Avira AntiVirus | ADWARE/InstallCore.Gen9, Adware/InstallCore.ZR, ADWARE/InstallCore.Gen7 | 22.86% |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 17.14% |
| Sophos | Generic PUA LA, Install Core Click run software, PUA 'Install Core Click run software', Generic PUA HA, Generic PUA JL | 14.29% |
| herdProtect (fuzzy) | a variant of 391088a0216a4d370530517f2669087318a1b0d1 | 8.57% |
| Rising Antivirus | PE:Trojan.Win32.Generic.174A015C!390725980, PE:Trojan.Win32.Generic.17768D74!393645428, PE:Trojan.Win32.Generic.17765B44!393632580 | 8.57% |
| Trend Micro House Call | Suspicious_GEN.F47V1006, Suspicious_GEN.F47V0927 | 8.57% |

The domain install.nznweb.com.br has been seen to resolve to the following 14 IP addresses.


File downloads found at URLs served by install.nznweb.com.br.

Latest 30 of 43 download URLs

The following files have been seen to communicate with install.nznweb.com.br in live environments.

URL:
http://install.nznweb.com.br/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-HTTPAPI/2.0