download.searchapps.me

Whois Privacy (enumDNS dba)

Domain Information

The domain download.searchapps.me, registered by Whois Privacy (enumDNS dba), was initially registered in January of 2012 through GoDaddy.com, LLC R41-ME (146). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dulles, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service, which uses a number of proxy IP addresses (see below).
Remove Malware from download.searchapps.me - Powered by Reason Core Security
Registrar: EuroDNS SA R34-ME (1052)

Server location: Virginia, United States (US)

Create date: Friday, January 13, 2012

Expires date: Sunday, January 13, 2019

Updated date: Friday, March 20, 2015

ASN: AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections (64% detected)

Scan engine | Details | Detections
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 92.31%
SUPERAntiSpyware | Heur.Agent/Gen-WhiteBox, Trojan.Agent/Gen-Downloader | 61.54%
McAfee Web Gateway | Artemis!5370F47EC79A, BehavesLike.Win32.Downloader.ch, BehavesLike.Win32.AdwareSweet.dc, Artemis!1EA81549358E, BehavesLike.Win32.Dropper.nc | 46.15%
Antiy Labs AVL | Trojan/Win32.Generic.gen, Trojan[:HEUR]/Win32.Unknown | 38.46%
McAfee | Artemis!5370F47EC79A, Artemis!7D3E55174780, Artemis!1EA81549358E, Artemis!65B7C837ACED, Artemis!98B14C81A658 | 38.46%
VIPRE Antivirus | Conduit, Trojan.Win32.Generic.pak!cobra, Threat.4657539 | 38.46%
Kingsoft AntiVirus | VIRUS_UNKNOWN | 30.77%
ESET NOD32 | Win32/DownWare, Win32/SearchApps | 30.77%
Dr.Web | Win32.Sector.21, Trojan.DownLoader11.35082, Trojan.DownLoader15.61998 | 23.08%
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.08%
Trend Micro House Call | TROJ_GEN.F47V0607, Suspicious_GEN.F47V1222, TROJ_GEN.F47V0826 | 23.08%
Baidu Antivirus | Adware.Win32.DownWare, Trojan.Win32.SearchApps | 23.08%
Reason Heuristics | PUP.Win.Reputation | 15.38%
avast! | Win32:Malware-gen | 15.38%
Avira AntiVirus | W32/Sality.AT | 7.69%

The domain download.searchapps.me has been seen to resolve to the following 71 IP addresses.

File downloads found at URLs served by download.searchapps.me.

The following 18 files have been seen to communicate with download.searchapps.me in live environments.

URL: http://download.searchapps.me/

Title: “404 Not Found”

Network: Amazon Cloudfront

SSL certificate subject: CN=sni55794.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer: CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server: cloudflare-nginx
