dl.spyguardapp.com

Big Water Applications, LLC  (via a Proxy Registrant)

Domain Information

The domain dl.spyguardapp.com is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2013. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Dulles, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which serves content through a number of proxy IP addresses (see below). The domain is associated with the publisher Big Water Applications, LLC, which is located in Carlsbad, California, in the United States.

Registrar: GODADDY.COM, LLC
Server location: Virginia, United States (US)
Create date: Thursday, May 02, 2013
Expires date: Saturday, May 02, 2015
Updated date: Sunday, April 13, 2014
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.BigWaterApplications.F | 100.00% |
| Dr.Web | Adware.Plugin.128, Adware.Plugin.36 | 100.00% |
| ESET NOD32 | Win32/ExFriendAlert (variant), MSIL/Adware.PullUpdate | 100.00% |
| Malwarebytes | PUP.Optional.SearchDonkey.A, PUP.Optional.MultiExtension.A, PUP.Optional.InfoSeeker.A | 83.33% |
| avast! | Win32:BHO-AMO [PUP] | 83.33% |
| Trend Micro House Call | TROJ_GEN.F47V0206, TROJ_GE.957BE1AA, TROJ_GE.E27CD13C, Suspici.320869A0 | 66.67% |
| Agnitum Outpost | PUA.PullUpdate | 66.67% |
| Qihoo 360 Security | Win32/Trojan.Adware.988, Malware.QVM10.Gen | 66.67% |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0, Injekt | 50.00% |
| Antiy Labs AVL | Trojan/Win32.SGeneric | 50.00% |
| Fortinet FortiGate | Riskware/MultiPlug, Adware/PullUpdate | 33.33% |
| Comodo Security | ApplicUnwnt | 33.33% |
| McAfee | Artemis!40CF73292FF8 | 16.67% |
| K7 Gateway Antivirus | Trojan | 16.67% |
| K7 AntiVirus | Trojan | 16.67% |

The domain dl.spyguardapp.com has been seen to resolve to the following 40 IP addresses.


File downloads found at URLs served by dl.spyguardapp.com.

19 / 68    (Adware)
http://dl.spyguardapp.com/SpyGuard/29602/.../Setup.exe  (5af1d9a9c7e1af3477e419663420593b)

3 / 68      (Adware)
http://dl.spyguardapp.com/SpyGuard/640/.../Setup.exe  (c24ddf8308caedabbc6d7b712187af7b)

7 / 68      (Adware)
http://dl.spyguardapp.com/SpyGuard/44802/.../Setup.exe  (0274d1a8031f6a6022b0cfb725c52766)

11 / 68    (Adware)
http://dl.spyguardapp.com/SpyGuard/31501/.../Setup.exe  (3a139452be26377de7000187456acb2b)

11 / 68    (Adware)
http://dl.spyguardapp.com/SpyGuard/47302/.../Setup.exe  (1eabb0916f0f8b1df9dcb86d34d780c3)

7 / 68      (Adware)
http://dl.spyguardapp.com/SpyGuard/31501/.../Setup.exe  (e43b981129473f4d9aab6fe52361a76f)

The following 6 files have been seen to communicate with dl.spyguardapp.com in live environments.

URL: http://dl.spyguardapp.com/
Title: “App Download”
Network: Amazon Cloudfront
Web server: AmazonS3