home

dl.searchdealsapp.com

CloudCanvas, Inc.  (via a Proxy Registrant)

Domain Information

The domain dl.searchdealsapp.com is registered by proxy through GODADDY.COM, LLC and was originally registered in June of 2011. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below). The domain is associated with the publisher CloudCanvas, Inc. who is located in Wilmington, Delaware in the United States.
Registrar:
GODADDY.COM, LLC

Server location:
Virginia, United States (US)

Create date:
Thursday, June 16, 2011

Expires date:
Thursday, January 1, 2015

Updated date:
Wednesday, November 20, 2013

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
searchdealsapp.com

Whois:
1 searchdealsapp.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.CloudCanvas.F, PUP.CloudCan.Installer (M)
100.00%

MicroWorld eScan
Adware.Agent.NVF
50.00%

nProtect
Adware.Agent.NVF
50.00%

McAfee
Artemis!6FEAAAAC38EB
50.00%

Malwarebytes
PUP.Optional.SearchDonkey.A
50.00%

NANO AntiVirus
Trojan.Win32.Plugin.ctuood
50.00%

avast!
Win32:BHO-AMO [PUP]
50.00%

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic
50.00%

Bitdefender
Adware.Agent.NVF
50.00%

Lavasoft Ad-Aware
Adware.Agent.NVF
50.00%

Emsisoft Anti-Malware
Adware.Agent.NVF
50.00%

F-Secure
Adware.Agent.NVF
50.00%

Dr.Web
Adware.Plugin.128
50.00%

VIPRE Antivirus
Trojan.Win32.Generic
50.00%

G Data
Adware.Agent.NVF
50.00%

The domain dl.searchdealsapp.com has been seen to resolve to the following 16 IP addresses.

52.84.125.214
server-52-84-125-214.iad16.r.cloudfront.net
July 17, 2016

52.84.125.203
server-52-84-125-203.iad16.r.cloudfront.net
July 17, 2016

52.84.125.186
server-52-84-125-186.iad16.r.cloudfront.net
July 17, 2016

52.84.125.119
server-52-84-125-119.iad16.r.cloudfront.net
July 17, 2016

52.84.125.80
server-52-84-125-80.iad16.r.cloudfront.net
July 17, 2016

52.84.125.52
server-52-84-125-52.iad16.r.cloudfront.net
July 17, 2016

52.84.125.39
server-52-84-125-39.iad16.r.cloudfront.net
July 17, 2016

52.84.125.37
server-52-84-125-37.iad16.r.cloudfront.net
July 17, 2016

54.230.37.161
server-54-230-37-161.jfk1.r.cloudfront.net
April 14, 2014

54.230.39.200
server-54-230-39-200.jfk1.r.cloudfront.net
April 14, 2014

54.230.37.59
server-54-230-37-59.jfk1.r.cloudfront.net
April 14, 2014

54.230.36.240
server-54-230-36-240.jfk1.r.cloudfront.net
April 14, 2014

54.230.36.234
server-54-230-36-234.jfk1.r.cloudfront.net
April 14, 2014

54.230.36.198
server-54-230-36-198.jfk1.r.cloudfront.net
April 14, 2014

204.246.169.64
server-204-246-169-64.jfk1.r.cloudfront.net
April 14, 2014

54.230.38.34
server-54-230-38-34.jfk1.r.cloudfront.net
April 14, 2014

File downloads found at URLs served by dl.searchdealsapp.com.

1 / 68      (Adware)
http://dl.searchdealsapp.com/SearchDeals/300/.../Setup.exe  (0cbfec94c96511f86b96ebc4717ceed0)

19 / 68    (Adware)
http://dl.searchdealsapp.com/SearchDeals/300/.../Setup.exe  (6feaaaac38ebb22767fbfc1f72e7fa9c)

The following 26 files have been seen to comunicate with dl.searchdealsapp.com in live environments.

TCP » 52.84.125.203:443
strummer.exe (Strummer)

TCP » 52.84.125.186:80
se.exe

TCP » 52.84.125.186:443
browser.exe (Speed Browser by Smart Applications)

TCP » 52.84.125.80:80
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 52.84.125.52:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.186:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.186:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.80:443
online-guardian-v2.0.9.exe

TCP » 54.230.38.34:443
wikithemes.exe

TCP » 52.84.125.52:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 54.230.38.34:443
crossbrowse.exe (Crossbrowse)

TCP » 52.84.125.186:443
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.84.125.203:443
stormwatchapp.exe

TCP » 52.84.125.203:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.203:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.214:80
Weather.exe (WeatherBug Desktop by AWS Convergence Technologies)

TCP » 52.84.125.37:443
APK2Mobile.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 52.84.125.80:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.230.37.59:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.186:80
iminent browser.exe (Iminent Browser by The Iminent Browser Authors)

 
Latest 20 of 49 files

URL:
http://dl.searchdealsapp.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.