» download.theappsrvr.com
Overview
Analysis
IPs Addresses (5)
Downloads (63)
Network (263)
Website Detail

download.theappsrvr.com

Domains By Proxy, LLC (Proxy Registrant)

Domain Information

The domain download.theappsrvr.com is registered by proxy through GODADDY.COM, LLC and was originally registered in January of 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.

Registrant:

Domains By Proxy, LLC

Registrar:

GODADDY.COM, LLC

Server location:

Arizona, United States (US)

Create date:

Monday, January 4, 2016

Expires date:

Wednesday, January 4, 2017

Updated date:

Saturday, January 23, 2016

ASN:

AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:

theappsrvr.com

Whois:

4 theappsrvr.com records

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Systweak.SUPERTUN.Installer.Meta (M), PUP.Optional.Installer, PUP.50OnRed.SavingsApps.Installer (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.50OnRed.SavingsA.Installer (M), PUP.50OnRed (M)

100.00%

nProtect

Abuse-Worry/W32.RegTool.3534008, Trojan-Clicker/W32.AirAdInstaller.824744

4.00%

Malwarebytes

Trojan.Dropper, PUP.Optional.AirAdInstaller

4.00%

K7 AntiVirus

Unwanted-Program

4.00%

NANO AntiVirus

Riskware.Win32.RegTool.hgltz, Riskware.Win32.AirAdInstaller.cwbyev

4.00%

avast!

Win32:RegTool-B [PUP], Win32:Adware-gen [Adw]

4.00%

Kaspersky

Trojan-FakeAV.Win32.RegTool, not-a-virus:AdWare.Win32.AirAdInstaller

4.00%

Sophos

Generic PUA KK, AirInstaller

4.00%

Comodo Security

UnclassifiedMalware, Application.Win32.AirAdInstaller.B

4.00%

Dr.Web

Trojan.Fraudster.194, Trojan.SMSSend.4953

4.00%

Avira AntiVirus

PHISH/Fraud.RegTool.c.18, Adware/AgentCV.A.6255

4.00%

G Data

Trojan.FakeAlert.DDY, Win32.Adware.Airadinstaller

4.00%

Vba32 AntiVirus

TrojanFakeAV.RegTool, AdWare.AirAdInstaller

4.00%

Rising Antivirus

PE:Trojan.Win32.Generic.144474FB!340030715, PE:PUF.Airinstall!1.9C4C

4.00%

IKARUS anti.virus

Trojan.Win32.FakeAV, Win32.SuspectCrc

4.00%

The domain download.theappsrvr.com has been seen to resolve to the following 5 IP addresses.

213.247.47.190

May 18, 2016

174.137.132.28

February 8, 2016

54.72.9.51

ec2-54-72-9-51.eu-west-1.compute.amazonaws.com

January 28, 2016

50.63.202.56

ip-50-63-202-56.ip.secureserver.net

October 26, 2015

204.51.78.192

May 1, 2014

File downloads found at URLs served by download.theappsrvr.com.

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=d328309eba7f441ea9502d444abfbb93 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=4e7f17cb53c5425ba80a06ae80186882 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=f25231cadafe4d80befac36114927fef (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=01e17ea82e6c41219e3097c0e20dbd0b (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=117c1a1096144bcdb2ce551426f7dc64 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=621e1cb0f0c54d44b4370fd3d86691eb (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=5893ed4c61f44ce5adcc7e62751e5f21 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=77b408ac0fac4b1ea23acbacd04feaf6 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=ecdebcb6686442ec9f2c8c9801ece84a (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=2426d4f2913a4236ad7a83d7ee61716c (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=90487d0afdb743de9701501b6b1a81f9 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=31109f29dc504e238491d886a18109ae (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=29a41f77821445ce9f90dccae347491a (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=1e7400044bcf48769398b97c15db3602 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=6b7560b6594e49d9b7ba654c385d4c03 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=2335b8539bf8490692fcc50989758680 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01agdvw6mwxya0&s=ChromeV2NC&SessionToken=f5ac5dcef1424446b2f7f913e4c86a40 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=c35f393bc7b74114a1c672a11a408d64 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=2b9f3d0299044490aeeefd78a30cb6b0 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=39137cbf9e7f47919159cfa2ca796e74 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=454b5d54e7cf4ff8be283aa216320334 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=38bb3a2396874eee8a53f09a235ad841 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=004427985947447eb0842e7325298511 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=69c9d0f5260d40e6b26e7787fc49860c (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=2e0bdb04a5884e9dbbbb2ce4a8306643 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=7e4b4e9692564e339750b64f3ab6c9a4 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01agdvw6mwxya0&s=ChromeV2NC&SessionToken=aac6677e5ece400b8f00adfc1ddc42c4 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=41ba4797042d450a933a5277d23c45ac (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=11e26d91324a42728621012f656528e2 (setup.exe)

1 / 68 (Adware)

http://download.theappsrvr.com/?nm=01sgavb2krx7at&s=Chrome&SessionToken=af48b437518245edb103f0ed1f9b6f28 (setup.exe)

Latest 30 of 63 download URLs

The following 263 files have been seen to comunicate with download.theappsrvr.com in live environments.

TCP » 50.63.202.56:80

googleupdate.exe13d7b73 (globalUpdate Update by globalUpdate)

TCP » 54.72.9.51:80

toolbarupdaterservice.exe

TCP » 54.72.9.51:80

hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80

onedrvup.exe

TCP » 54.72.9.51:80

hdnInstaller.exe (hdnInstaller)

TCP » 50.63.202.56:80

shoppy-up.2.7-codedownloader.exe (Shoppy-Up.2.7 by Winportal)

TCP » 54.72.9.51:80

247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80

1799877.exe

TCP » 50.63.202.56:80

20b9a285-202b-40f5-8dca-bdb3fa127f47-7.exe (SavePass 1.1 by OB)

TCP » 54.72.9.51:80

IEError.exe (IEError)

TCP » 54.72.9.51:80

install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 50.63.202.56:80

20b9a285-202b-40f5-8dca-bdb3fa127f47-11.exe (SavePass 1.1 by OB)

TCP » 54.72.9.51:80

optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80

charles.exe (by Apple)

TCP » 54.72.9.51:80

onedrv.exe

TCP » 54.72.9.51:80

IEError.exe (IEError)

TCP » 54.72.9.51:80

updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80

install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 50.63.202.56:80

476e068a-388e-4ec9-8130-3bcf1039e788-11.exe (SavePass 1.1 by OB)

TCP » 54.72.9.51:80

toolbarupdaterservice.exe

Latest 20 of 271 files

URL:

http://download.theappsrvr.com/

Title:

“Loading”

Web server:

nginx/1.8.0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.