home

profficult.net

Whois protection, this company does not own this domain name s.r.o.

Domain Information

The domain profficult.net registered by Whois protection, this company does not own this domain name s.r.o. was initially registered in January of 2016 through DOMAINSITE, INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GRANSY S.R.O D/B/A SUBREG.CZ

Server location:
Oregon, United States (US)

Create date:
Monday, January 18, 2016

Expires date:
Wednesday, January 18, 2017

Updated date:
Monday, January 18, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Whois:
2 profficult.net records

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

F-Secure
Gen:Variant.Adware.Kazy
33.33%

Dr.Web
Trojan.Crossrider1.31749
33.33%

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.618288
33.33%

AVG
Adware Generic6.ATAU
33.33%

ESET NOD32
Win32/Adware.MultiPlug.KU application
33.33%

McAfee
Program.MultiPlug-FYT
33.33%

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.618288
33.33%

Norman
Gen:Variant.Adware.Kazy.618288
33.33%

avast!
Win32:MultiPlug-ZC [PUP]
33.33%

MicroWorld eScan
Gen:Variant.Adware.Kazy.618288
33.33%

Zillya! Antivirus
Adware.MultiPlugGen.Win32.3
33.33%

K7 AntiVirus
Trojan
33.33%

Arcabit
Trojan.Adware.Kazy.D96F30
33.33%

NANO AntiVirus
Riskware.Win32.MultiPlug.drxomu
33.33%

The domain profficult.net has been seen to resolve to the following 2 IP addresses.

23.253.76.160
April 1, 2016

52.24.161.49
ec2-52-24-161-49.us-west-2.compute.amazonaws.com
July 1, 2015

File downloads found at URLs served by profficult.net.

1 / 68      (Malware)
http://profficult.net/v24434?product_name=??_??_????_??????_Bsyazlma.mp4&file_size=&product_title=?? ?? ???? | ?????? #Bsyazlma&installer_file_name=??_??_????_??????_Bsyazlma.mp4&product_file_name=??_??_????_??????_Bsyazlma.mp4&product_download_url=http://youtubemp4s.com/downloads/.../1923809?h=AKhriiUk0VRLncyMSw3jqw&e=1432147178  (____bsyazlma.exe)

1 / 68      (Malware)
http://profficult.net/v24434?product_name=CCTV_Footage_of_Nd_s_Mahaboudha_During_the_7_9_Richter_scale_Earthquake_2015.mp4&file_size=&product_title=CCTV Footage of Nd's (Mahaboudha) During the 7.9 Richter scale Earthquake 2015&installer_file_name=CCTV_Footage_of_Nd_s_Mahaboudha_During_the_7_9_Richter_scale_Earthquake_2015.mp4&product_file_name=CCTV_Footage_of_Nd_s_Mahaboudha_During_the_7_9_Richter_scale_Earthquake_2015.mp4&product_download_url=http://youtubemp4s.com/downloads/.../3567118?h=wY_AvjMB2BQxHweB3syN1A&e=1432142794  (cctv_footage_of_nd_s_mahaboudha_during_the_7_9_richter_scale_earthquake_2015.exe)

24 / 68    (PUP)
http://profficult.net/v22601?product_name=BlueStacks&filesize=3&product_title=BlueStacks&installer_file_name=BlueStacks&Product_File_Name=BlueStacks.exe&product_download_url=http://cdn.bluestacks.com/public/.../BlueStacks-SplitInstaller_native.exe&locale=XX  (83d84cbe208bf563ef0fc1ab459fac9f)

URL:
http://profficult.net/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.