home

shooky-14-06-2015.s3-website-us-east-1.amazonaws.com

Amazon.com, Inc

Domain Information

The domain shooky-14-06-2015.s3-website-us-east-1.amazonaws.com registered by Amazon.com, Inc was initially registered in August of 2005 through MARKMONITOR INC.. The hosted servers are located in Ashburn, Virginia within the United States. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US East (Northern Virginia) region datacenter.
Registrar:
MARKMONITOR INC.

Server location:
Virginia, United States (US)

Create date:
Thursday, August 18, 2005

Expires date:
Tuesday, January 16, 2018

Updated date:
Thursday, May 1, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
amazonaws.com

Whois:
1 amazonaws.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Bundler.OfferInstaller.Installer.Meta (L), PUP.Bundler.OfferInstaller.Installer.Meta (M), PUP.OfferInstaller.Bundler.Installer.Meta (M)
81.82%

Baidu Antivirus
Trojan.Win32.Downloader, Adware.MSIL.Imali
72.73%

avast!
Win32:Malware-gen, Win32:GenMaliciousA-IBX [PUP], Win32:GenMaliciousA-FRH [Adw], Win32:Dropper-gen [Drp]
63.64%

Emsisoft Anti-Malware
Gen:Variant.Graftor.212777, Gen:Variant.Zusy.146056, Gen:Variant.Kazy.578645, Gen:Variant.Zusy.145833
63.64%

Kaspersky
Trojan-Downloader.Win32.Genome, HEUR:Trojan-Downloader.Win32.Generic, not-a-virus:AdWare.MSIL.Agent
45.45%

F-Secure
Gen:Variant.Graftor.212777, Suspicious:W32/Malware.c98d7cf7ae!Online
45.45%

Norman
Gen:Variant.Graftor.212777, Gen:Variant.Zusy.146056
45.45%

Avira AntiVirus
TR/Dropper.MSIL.Gen
45.45%

AhnLab V3 Security
PUP/Win32.OfferInstaller, Adware/Win32.Imali
45.45%

G Data
MSIL.Adware.OfferInstaller, Gen:Variant.Zusy.146056, Gen:Variant.Kazy.578645, Gen:Variant.Zusy.145833, Application.Generic.1434381
45.45%

Panda Antivirus
Generic Suspicious, Trj/CI.A
36.36%

ESET NOD32
MSIL/Adware.Imali (variant)
36.36%

Dr.Web
Trojan.Crossrider1.36978, Trojan.Crossrider1.31615, Trojan.Crossrider1.36898
36.36%

MicroWorld eScan
Gen:Variant.Zusy.146056, Gen:Variant.Kazy.578645, Gen:Variant.Zusy.145833, Application.Generic.1434381
36.36%

Arcabit
Trojan.Zusy.D23A88, Trojan.Kazy.D8D455, Trojan.Zusy.D239A9, Application.Generic.D15E30D
36.36%

The domain shooky-14-06-2015.s3-website-us-east-1.amazonaws.com has been seen to resolve to the following 11 IP addresses.

54.231.13.100
s3-website-us-east-1.amazonaws.com
April 13, 2016

54.231.114.2
s3-website-us-east-1.amazonaws.com
March 2, 2016

54.231.82.97
s3-website-us-east-1.amazonaws.com
February 29, 2016

54.231.11.122
s3-website-us-east-1.amazonaws.com
February 28, 2016

54.231.9.44
s3-website-us-east-1.amazonaws.com
February 22, 2016

54.231.18.204
s3-website-us-east-1.amazonaws.com
February 20, 2016

54.231.18.124
s3-website-us-east-1.amazonaws.com
February 8, 2016

54.231.48.34
s3-website-us-east-1.amazonaws.com
February 7, 2016

54.231.112.18
s3-website-us-east-1.amazonaws.com
February 7, 2016

54.231.114.129
s3-website-us-east-1.amazonaws.com
February 3, 2016

54.231.80.106
s3-website-us-east-1.amazonaws.com
January 4, 2016

File downloads found at URLs served by shooky-14-06-2015.s3-website-us-east-1.amazonaws.com.

2 / 68      (PUP)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../OfferInstaller_dotnet4.exe  (fuf6bb2.exe)

9 / 68      (Malware)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/prepreinstaller_win4.exe  (mntz_installer.exe)

27 / 68    (PUP)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../OfferInstaller_dotnet2.exe  (fsd95c9.exe)

1 / 68      (Malware)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../FinalInstaller_dotnet4.exe  (fsd454a.exe)

24 / 68    (PUP)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../OfferInstaller_dotnet4.exe  (bjgec87.exe)

15 / 68    (PUP)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../FinalInstaller_dotnet2.exe  (fsdfff1.exe)

10 / 68    (Malware)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/prepreinstaller_win.exe  (bbdhz5hpuv.exe)

7 / 68      (Malware)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/prepreinstaller_win2.exe  (fgpaekauik.exe)

5 / 68      (Malware)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/prepreinstaller_win3.exe  (nsy9dee.tmp)

10 / 68    (PUP)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../OfferInstaller_dotnet4.exe  (offerinstaller.exe)

16 / 68    (PUP)
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../FinalInstaller_dotnet4.exe  (fsd8716.exe)

URL:
http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/

Network:
Amazon Web Services (AWS)

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.