home

dl.recordcheckerapp.com

Long Mile Solutions, LLC  (via a Proxy Registrant)

Domain Information

The domain dl.recordcheckerapp.com is registered by proxy through GODADDY.COM, LLC and was originally registered in April of 2013. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below). The domain is associated with the publisher Long Mile Solutions, LLC who is located in CARLSBAD, California in the United States.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Tuesday, April 2, 2013

Expires date:
Sunday, April 2, 2017

Updated date:
Sunday, April 3, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
recordcheckerapp.com

Whois:
4 recordcheckerapp.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.LongMileSolutions.F, PUP.Optional.Installer.I, PUP.Installer.SoftpulseSLU.F, PUP.Installer.LongMileSolutions.N, PUP.Installer.Injekt, PUP.FunTechnology.Installer (M), PUP.Injekt.LongMileSolutions.Installer (M), PUP.Injekt.LongMile.Installer (M)
100.00%

Dr.Web
Adware.Plugin.128, Trojan.Packed.28257, Adware.Plugin.36
57.14%

IKARUS anti.virus
PUA.DigiPlug, PUA.ExFriendAlert, PUA.LMS, AdWare.Agent, AdWare.Win32.ExFriendAlert
42.86%

Malwarebytes
PUP.Optional.MultiExtension.A, PUP.Optional.OpenCandy, PUP.Optional.RecordChecker.A
35.71%

Agnitum Outpost
PUA.PullUpdate, Riskware.Agent
35.71%

Trend Micro House Call
TROJ_GE.BF94D85E, Suspicious_GEN.F47V0904, Suspici.F4CBE3E4, TROJ_GE.8EDB7876, TROJ_GEN.F47V0522
35.71%

avast!
Win32:BHO-AMO [PUP]
35.71%

ESET NOD32
MSIL/Adware.PullUpdate, Win32/SoftPulse (variant), Win32/ExFriendAlert (variant)
35.71%

VIPRE Antivirus
Threat.4150696, Threat.4784449, Injekt, SearchDonkey
35.71%

NANO AntiVirus
Trojan.Win32.MLW.dcjqvm, Trojan.Win32.ExFriendAlert.deiobm, Trojan.Win32.ExFriendAlert.deioie, Trojan.Win32.Generic.cvzfrs
35.71%

Sophos
DomainIQ pay-per install, OpenCandy, Record Checker, PUA 'Record Checker' (of type Adware)
35.71%

Comodo Security
ApplicUnwnt, Application.Win32.DomaIQ.LPF
28.57%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, AdWare.SaMon
28.57%

Avira AntiVirus
TR/Dropper.Gen, ADWARE/Adware.Gen
21.43%

McAfee
Socrydo, Artemis!F756E81A9404, Artemis!A5236108B647
21.43%

The domain dl.recordcheckerapp.com has been seen to resolve to the following 90 IP addresses.

52.85.131.104
server-52-85-131-104.iad53.r.cloudfront.net
May 21, 2016

52.85.131.86
server-52-85-131-86.iad53.r.cloudfront.net
May 21, 2016

52.85.131.60
server-52-85-131-60.iad53.r.cloudfront.net
May 21, 2016

52.85.131.216
server-52-85-131-216.iad53.r.cloudfront.net
May 21, 2016

52.85.131.208
server-52-85-131-208.iad53.r.cloudfront.net
May 21, 2016

52.85.131.185
server-52-85-131-185.iad53.r.cloudfront.net
May 21, 2016

52.85.131.173
server-52-85-131-173.iad53.r.cloudfront.net
May 21, 2016

52.85.131.137
server-52-85-131-137.iad53.r.cloudfront.net
May 21, 2016

52.85.142.129
server-52-85-142-129.iad12.r.cloudfront.net
May 16, 2016

52.85.142.74
server-52-85-142-74.iad12.r.cloudfront.net
May 16, 2016

52.85.142.27
server-52-85-142-27.iad12.r.cloudfront.net
May 16, 2016

52.85.142.230
server-52-85-142-230.iad12.r.cloudfront.net
May 16, 2016

52.85.142.197
server-52-85-142-197.iad12.r.cloudfront.net
May 16, 2016

52.85.142.153
server-52-85-142-153.iad12.r.cloudfront.net
May 16, 2016

52.85.142.144
server-52-85-142-144.iad12.r.cloudfront.net
May 16, 2016

52.85.142.131
server-52-85-142-131.iad12.r.cloudfront.net
May 16, 2016

54.230.102.70
server-54-230-102-70.iad2.r.cloudfront.net
April 9, 2016

54.230.102.59
server-54-230-102-59.iad2.r.cloudfront.net
April 9, 2016

54.230.102.238
server-54-230-102-238.iad2.r.cloudfront.net
April 9, 2016

54.230.102.230
server-54-230-102-230.iad2.r.cloudfront.net
April 9, 2016

54.230.102.225
server-54-230-102-225.iad2.r.cloudfront.net
April 9, 2016

54.230.102.203
server-54-230-102-203.iad2.r.cloudfront.net
April 9, 2016

54.230.102.179
server-54-230-102-179.iad2.r.cloudfront.net
April 9, 2016

54.230.102.164
server-54-230-102-164.iad2.r.cloudfront.net
April 9, 2016

54.240.160.24
server-54-240-160-24.iad12.r.cloudfront.net
February 28, 2016

54.240.160.17
server-54-240-160-17.iad12.r.cloudfront.net
February 28, 2016

54.240.160.8
server-54-240-160-8.iad12.r.cloudfront.net
February 28, 2016

54.240.160.228
server-54-240-160-228.iad12.r.cloudfront.net
February 28, 2016

54.240.160.201
server-54-240-160-201.iad12.r.cloudfront.net
February 28, 2016

54.240.160.191
server-54-240-160-191.iad12.r.cloudfront.net
February 28, 2016

 
Showing 30 of 90 IP Addresses

File downloads found at URLs served by dl.recordcheckerapp.com.

1 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/18101/.../Setup.exe  (e5efea1b1ba7c3a46ac0599f11969f10)

1 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/18401/.../Setup.exe  (8f6b349a7f41dfe3405d2fcff0a25a0d)

1 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/1041/.../Setup.exe  (89d13f0a563c9833205a202f3108c346)

1 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/18901/.../Setup.exe  (29b1cea73e66f54d0995045c731264a3)

1 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/16602/.../Setup.exe  (1084a1797118dbf59a15c8938597af65)

8 / 68      (PUP)
http://dl.recordcheckerapp.com/RecordChecker/562/.../Setup.exe  (a5236108b647d5ba5c75d7bc8fec0085)

2 / 68      (PUP)
http://dl.recordcheckerapp.com/RecordChecker/561/.../Setup.exe  (ea5887b952607bd0a916084ca3956316)

18 / 68    (Adware)
http://dl.recordcheckerapp.com/RecordChecker/17501/.../Setup.exe  (117b9e73b445a3ed2d0ddde4194a532c)

14 / 68    (Adware)
http://dl.recordcheckerapp.com/RecordChecker/16502/.../Setup.exe  (36044c3b50f8672600ccae89d525899e)

10 / 68    (Adware)
http://dl.recordcheckerapp.com/RecordChecker/561/.../Setup.exe  (activesetupnx.exe)

12 / 68    (Adware)
http://dl.recordcheckerapp.com/RecordChecker/878/.../Setup.exe  (9271c655ee291c4f3e9778273ca0a41b)

14 / 68    (Adware)
http://dl.recordcheckerapp.com/RecordChecker/562/.../Setup.exe  (f261d462262034297a66375d02855bc5)

8 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/16402/.../Setup.exe  (a94658ea997e5ff1db65b0237602ac6f)

9 / 68      (Adware)
http://dl.recordcheckerapp.com/RecordChecker/16202/.../Setup.exe  (1df0d6d6a5f74a3d19c1033a443a1032)

The following 87 files have been seen to comunicate with dl.recordcheckerapp.com in live environments.

TCP » 54.192.55.150:80
browser.exe (Browser)

TCP » 54.192.55.150:80
britches.exe (Britches)

TCP » 54.192.55.150:80
saber.exe

TCP » 54.192.55.143:80
saber.exe

TCP » 52.85.142.144:443
jingling.exe

TCP » 52.85.142.74:443
UCBrowser.exe (by UCWeb)

TCP » 54.192.55.143:80
saber.exe

TCP » 52.85.142.153:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.55.39:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.55.150:80
browser.exe (Browser)

TCP » 52.85.142.131:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.192.55.143:80
wikithemes.exe

TCP » 52.85.142.74:443
whatsapptime.exe

TCP » 52.85.142.131:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.55.175:443
apptrailers.exe

TCP » 54.192.55.150:80
jingling.exe

TCP » 52.85.142.74:80
Client.exe

TCP » 54.192.55.39:80
emuletorrent.exe

TCP » 54.192.55.143:80
winsaber.exe

TCP » 52.85.142.153:80
citrio.exe (Citrio by CatalinaGroup)

 
Latest 20 of 115 files

URL:
http://dl.recordcheckerapp.com/

Title:
“Download”

Network:
Amazon Cloudfront

Web server:
AmazonS3

spyalertapp.com

attractionalertapp.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.