download.searchapps.me

Whois Privacy (enumDNS dba)

Domain Information

The domain download.searchapps.me registered by Whois Privacy (enumDNS dba) was initially registered in January of 2012 through GoDaddy.com, LLC R41-ME (146). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
EuroDNS SA R34-ME (1052)

Server location:
Virginia, United States (US)

Create date:
Friday, January 13, 2012

Expires date:
Sunday, January 13, 2019

Updated date:
Friday, March 20, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:

Scanner detections:
Detections  (89% detected)

Scan engine
Details
Detections

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
78.95%

SUPERAntiSpyware
Heur.Agent/Gen-WhiteBox, Trojan.Agent/Gen-Downloader
52.63%

McAfee Web Gateway
Artemis!5370F47EC79A, BehavesLike.Win32.Downloader.ch, BehavesLike.Win32.AdwareSweet.dc, Artemis!1EA81549358E, Heuristic.BehavesLike.Win32.Suspicious-PKR.G
47.37%

Reason Heuristics
(M), PUP.Win.Reputation, PUP.Bundler, PUP.Bundler (M), Adware.DownloadShield.Bundle.Meta (M)
42.11%

McAfee
Artemis!5370F47EC79A, Artemis!7D3E55174780, Artemis!1EA81549358E, Artemis!5ED3A62CBFA9, Artemis!65B7C837ACED, RDN/Generic Downloader.x!np, Artemis!98B14C81A658
42.11%

Antiy Labs AVL
Trojan/Win32.Generic.gen, Trojan[:HEUR]/Win32.Unknown
31.58%

VIPRE Antivirus
Conduit, Trojan.Win32.Generic.pak!cobra, Threat.4657539
31.58%

Kingsoft AntiVirus
VIRUS_UNKNOWN
26.32%

ESET NOD32
Win32/DownWare, Win32/SearchApps
26.32%

Trend Micro House Call
TROJ_GEN.F47V0607, Suspicious_GEN.F47V1222, TROJ_GEN.F47V0826, TROJ_GEN.R0EBH06EQ15
21.05%

Baidu Antivirus
Adware.Win32.DownWare, Trojan.Win32.SearchApps
21.05%

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
15.79%

avast!
Win32:Malware-gen
15.79%

Dr.Web
Trojan.DownLoader11.35082, Trojan.DownLoader13.18115, Trojan.DownLoader15.61998
15.79%

AVG
MultiBundle
15.79%

The domain download.searchapps.me has been seen to resolve to the following 71 IP addresses.

May 4, 2015

May 4, 2015

server-54-240-160-233.iad12.r.cloudfront.net
December 2, 2014

server-54-230-19-200.iad12.r.cloudfront.net
December 2, 2014

server-54-230-18-216.iad12.r.cloudfront.net
December 2, 2014

server-54-230-18-192.iad12.r.cloudfront.net
December 2, 2014

server-54-230-17-105.iad12.r.cloudfront.net
December 2, 2014

server-54-230-16-254.iad12.r.cloudfront.net
December 2, 2014

server-54-230-16-237.iad12.r.cloudfront.net
December 2, 2014

server-54-192-101-81.iad2.r.cloudfront.net
December 1, 2014

server-54-230-102-91.iad2.r.cloudfront.net
December 1, 2014

server-54-192-101-118.iad2.r.cloudfront.net
December 1, 2014

server-54-192-101-98.iad2.r.cloudfront.net
December 1, 2014

server-54-192-101-92.iad2.r.cloudfront.net
December 1, 2014

server-54-192-101-82.iad2.r.cloudfront.net
December 1, 2014

server-54-230-16-52.iad12.r.cloudfront.net
December 1, 2014

server-54-230-16-41.iad12.r.cloudfront.net
December 1, 2014

server-54-240-160-176.iad12.r.cloudfront.net
December 1, 2014

server-54-230-17-229.iad12.r.cloudfront.net
December 1, 2014

server-54-230-17-172.iad12.r.cloudfront.net
December 1, 2014

server-54-230-16-140.iad12.r.cloudfront.net
December 1, 2014

server-54-230-16-134.iad12.r.cloudfront.net
December 1, 2014

server-54-230-16-112.iad12.r.cloudfront.net
December 1, 2014

server-54-230-19-13.iad12.r.cloudfront.net
September 4, 2014

server-54-230-18-206.iad12.r.cloudfront.net
September 4, 2014

server-54-230-18-177.iad12.r.cloudfront.net
September 4, 2014

server-54-230-18-64.iad12.r.cloudfront.net
September 4, 2014

server-54-230-17-4.iad12.r.cloudfront.net
September 4, 2014

server-54-230-16-175.iad12.r.cloudfront.net
September 4, 2014

server-54-230-16-54.iad12.r.cloudfront.net
September 4, 2014

 
Showing 30 of 71 IP Addresses

File downloads found at URLs served by download.searchapps.me.

1 / 68      (PUP)
http://download.searchapps.me/Flash_Player.exe  (4faf1e452c42d522e395199a550a7603)

8 / 68      (Malware)
http://download.searchapps.me/Flash_Player.exe  (0da0b35f584d6f354913e0ba23309356)

12 / 68    (Malware)
http://download.searchapps.me/Adobe_Reader.exe  (5ed3a62cbfa9bad5e790620336723a7b)

7 / 68      (Malware)
http://download.searchapps.me/Flash_Player.exe  (04b3fd7f0227bbe6378d8f44e4cbbf66)

1 / 68      (Malware)
http://download.searchapps.me/flash_movie_player.exe  (4ec1821b7b192d1e604818df3f6641d7)

9 / 68      (PUP)
http://download.searchapps.me/FlashPlayer.exe  (98b14c81a658c3e36c3df1c5bab005e1)

4 / 68      (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (efaf6a67532e459cae113500d36babd1)

7 / 68      (Malware)
http://download.searchapps.me/Adobe_Flash_Player.exe  (65b7c837acedb7329b35580f330de05d)

4 / 68      (PUP)
http://download.searchapps.me/AdobeFlashPlayer.exe  (83f28fc56e8b332a37f3d7e1895663fe)

11 / 68    (Malware)
http://download.searchapps.me/Adobe_Flash_Player.exe  (1ea81549358e7923c4339b835e50bc34)

11 / 68    (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (5370f47ec79a7e49e98f843db5f78387)

8 / 68      (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (7d3e551747803d5fa1166e3f22f40f76)

3 / 68      (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (57dbee3ce75bf5cac45d8f9d3adbf204)

6 / 68      (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (98200c37d259a3dfe06803c2fdaa5aff)

2 / 68      (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (b03324c57964f3dbe1ec22cb5a042fbf)

8 / 68      (Malware)
http://download.searchapps.me/Adobe_Flash_Player.exe  (a0d77386e5230ec54a4a271c2080b14b)

1 / 68      (false positive)

2 / 68      (false positives)

3 / 68      (PUP)
http://download.searchapps.me/Adobe_Flash_Player.exe  (2dba7dcd104c5b8daee9653cb6617611)

The following 32 files have been seen to comunicate with download.searchapps.me in live environments.

 
Latest 20 of 40 files

URL:
http://download.searchapps.me/

Title:
“404 Not Found”

Network:
Amazon Cloudfront

SSL certificate subject:
CN=sni55794.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx