home

files4.freega.me

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain files4.freega.me is registered by proxy through GoDaddy.com, LLC R41-ME (146) and was originally registered in September of 2011. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GoDaddy.com, LLC R41-ME (146)

Server location:
Massachusetts, United States (US)

Create date:
Friday, September 30, 2011

Expires date:
Friday, September 30, 2016

Updated date:
Thursday, October 1, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
freega.me

Whois:
3 freega.me records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.DownloadAdmin.M, PUP.Installer.DownloadAdmin.CC, PUP.Installer.DownloadAdmin.X, PUP.Tightrope.Bundler, PUP.Installer.DownloadAdmin.U, PUP.Installer.DownloadAdmin.R, PUP.Bundler.Tightrope, PUP.Tightrope.Blueis.Bundler (M), PUP.Tightrope.DownloadAdmin.Bundler (M), PUP.DownloadAdmin.Bundler.Installer.Meta (M), PUP.Tightrope.Download.Bundler (M), PUP.DownloadAdmin.SuperCli.Installer (M), Adware.CatLadyI.Installer.Meta.Bundler, PUP.DownloadAdmin.Bundler (M)
92.86%

VIPRE Antivirus
Threat.4783369, DownloadAdmin
32.14%

Dr.Web
Adware.DAdmin.151, Adware.Downware.2220, Threat.Undefined, Adware.Downware.411, Trojan.Vittalia.8699
28.57%

herdProtect (fuzzy)
a variant of f8ec604fb7009fe15c78f71c4f6ec1f5b9d9d134, a variant of 891abcb5e10441d20ac0a5f582fa3b9519327ff1, a variant of 515fd89eed11d6fde64e6fe643ad90a83ca6d9ff
25.00%

Sophos
Download Admin
25.00%

Malwarebytes
PUP.Optional.DownloadAdmin
21.43%

ESET NOD32
Win32/DownloadAdmin.G potentially unwanted application, Win32/DownloadAdmin.R potentially unwanted application, Win32/DownloadAdmin.Q potentially unwanted application
17.86%

ESET NOD32
Win32/DownloadAdmin, Win32/DownloadAdmin.Q potentially unwanted (variant)
17.86%

Avira AntiVirus
ADWARE/Adware.Gen, TR/Agent.105200
14.29%

F-Secure
Adware:W32/WebInstallBundle, Gen:Variant.Razy.12439
14.29%

NANO AntiVirus
Trojan.Win32.Downware.crgjbr, Trojan.Win32.Downware.bqhlba
14.29%

Rising Antivirus
PE:Malware.XPACK/RDM!5.1, PE:Malware.Generic(Thunder)!1.A1C4 [F]
14.29%

Trend Micro House Call
Suspicious_GEN.F47V0706, TROJ_GEN.F47V0512
10.71%

AVG
Generic, MultiBundle
10.71%

Emsisoft Anti-Malware
Riskware.Win32.DownloadAdmin.AMN, Gen:Variant.Razy.12439
10.71%

The domain files4.freega.me has been seen to resolve to the following 35 IP addresses.

184.51.126.105
a184-51-126-105.deploy.static.akamaitechnologies.com
June 7, 2016

104.96.220.226
a104-96-220-226.deploy.static.akamaitechnologies.com
May 26, 2016

104.96.220.216
a104-96-220-216.deploy.static.akamaitechnologies.com
May 18, 2016

104.112.235.19
a104-112-235-19.deploy.static.akamaitechnologies.com
May 18, 2016

104.96.220.233
a104-96-220-233.deploy.static.akamaitechnologies.com
May 18, 2016

104.96.221.98
a104-96-221-98.deploy.static.akamaitechnologies.com
May 18, 2016

104.96.221.91
a104-96-221-91.deploy.static.akamaitechnologies.com
May 18, 2016

23.15.9.138
a23-15-9-138.deploy.static.akamaitechnologies.com
April 21, 2016

23.15.9.147
a23-15-9-147.deploy.static.akamaitechnologies.com
April 21, 2016

65.158.47.154
April 14, 2016

65.158.47.131
April 14, 2016

184.51.126.83
a184-51-126-83.deploy.static.akamaitechnologies.com
April 4, 2016

184.51.126.90
a184-51-126-90.deploy.static.akamaitechnologies.com
April 4, 2016

63.88.100.168
May 5, 2015

184.26.44.103
a184-26-44-103.deploy.static.akamaitechnologies.com
May 4, 2015

184.26.44.98
a184-26-44-98.deploy.static.akamaitechnologies.com
May 4, 2015

23.67.243.59
a23-67-243-59.deploy.static.akamaitechnologies.com
May 3, 2015

23.67.243.24
a23-67-243-24.deploy.static.akamaitechnologies.com
May 3, 2015

23.67.250.112
a23-67-250-112.deploy.static.akamaitechnologies.com
May 3, 2015

23.67.250.104
a23-67-250-104.deploy.static.akamaitechnologies.com
May 3, 2015

23.0.160.74
a23-0-160-74.deploy.static.akamaitechnologies.com
December 1, 2014

184.51.126.18
a184-51-126-18.deploy.static.akamaitechnologies.com
September 5, 2014

184.51.126.64
a184-51-126-64.deploy.static.akamaitechnologies.com
September 5, 2014

184.51.126.50
a184-51-126-50.deploy.static.akamaitechnologies.com
September 5, 2014

23.0.160.65
a23-0-160-65.deploy.static.akamaitechnologies.com
September 5, 2014

23.0.160.11
a23-0-160-11.deploy.static.akamaitechnologies.com
September 5, 2014

23.0.160.72
a23-0-160-72.deploy.static.akamaitechnologies.com
September 5, 2014

184.51.126.32
a184-51-126-32.deploy.static.akamaitechnologies.com
September 5, 2014

184.51.126.56
a184-51-126-56.deploy.static.akamaitechnologies.com
September 5, 2014

63.88.100.147
May 31, 2014

 
Showing 30 of 35 IP Addresses

File downloads found at URLs served by files4.freega.me.

1 / 68      (PUP)
http://files4.freega.me/download?s=google&c=freega.me_seo&brand=Freega.me&pid=TR&bc=12672&country=US&cb=1659088736  (chocolatierdecadencebydesign-setup.exe)

2 / 68      (false positives)
http://files4.freega.me/dl-pure/1193979/.../?bc=1193979&checksum=43853&cb=-1377245384&usefilename=true&executableroutePath=1202171&stub=true  (wrar420.exe)

1 / 68      (PUP)
http://files4.freega.me/dl-pure/933973/.../?bc=933973&checksum=137129823&cb=1735873403&usefilename=true&executableroutePath=1202779&stub=true  (governorofpoker2-setup-106617433.exe)

1 / 68      (PUP)
http://files4.freega.me/dl-pure/1193979/.../?bc=1193979&checksum=137302237&cb=-871742320&usefilename=true&executableroutePath=1202171&stub=true  (vlcmediaplayer-setup-135079429.exe)

1 / 68      (PUP)
http://files4.freega.me/dl-pure/12564/.../?bc=12564&checksum=123918203&cb=1958095454&usefilename=true&executableroutePath=1202171&stub=true  (vlcmediaplayer-setup-135079429.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=seo&c=freega.me_seo&brand=Freega.me&pid=TR&bc=13302&country=us&cb=-71902797  (hoteldash-setup.exe)

2 / 68      (PUP)
http://files4.freega.me/dl-pure/10659/.../?bc=10659&checksum=1131373&cb=36592446&usefilename=true&executableroutePath=1202171&stub=true  (the-sims-freeplay_setup-118629151.exe)

2 / 68      (PUP)
http://files4.freega.me/dl-pure/10671/.../?bc=10671&checksum=42197&cb=-30028423&usefilename=true&executableroutePath=1202171&stub=true  (the-sims-freeplay_setup-118629151.exe)

12 / 68    (PUP)
http://files4.freega.me/dl-pure/13668/.../?bc=13668&checksum=70791&cb=1084368527&usefilename=true&executable=1200659  (kodi-setup-54173039.exe)

4 / 68      (PUP)
http://files4.freega.me/dl-pure/14454/.../?bc=14454&checksum=55923&cb=-537984472&usefilename=true&executable=1201405  (9gzddsa2.exe)

2 / 68      (false positives)
http://files4.freega.me/dl-pure/10641/.../?bc=10641&checksum=57375&cb=-1621710195&usefilename=true&executable=1200659  (wrar420.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=google&c=freega.me_seo&brand=Freega.me&pid=TR&bc=244527&country=US&cb=-71175115  (insidertalesthestolenvenus2-setup.exe)

7 / 68      (PUP)
http://files4.freega.me/dl-pure/925963/.../?bc=925963&checksum=26328105&cb=739838713&usefilename=true&executableroutePath=1201647&stub=true  (cradleofrome-setup-26328105.exe)

1 / 68      (PUP)
http://files4.freega.me/download?s=msn&c=freega.me_seo&brand=Freega.me&pid=TR&bc=13302&country=EG&cb=-950835863  (hoteldash-setup.exe)

12 / 68    (PUP)
http://files4.freega.me/dl-pure/13734/.../?bc=13734&checksum=1102489&cb=-576198570&usefilename=true&executable=1200659  (kodi-setup-54173039.exe)

2 / 68      (PUP)
http://files4.freega.me/dl-pure/933883/.../?bc=933883&checksum=61836361&cb=-1822165138&usefilename=true&executableroutePath1199715&stub=true  (kodi-setup-43980209.exe)

1 / 68      (Adware)
http://files4.freega.me/download/.../dl?s=google&c=multi2&brand=Freega.me&pid=TR&bc=14634&country=US&cb=-308493846&zTmp=1  (zombiebowlorama-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download/.../dl?bc=10669&pid=TR&brand=Freega.me&s=msn&c=Freega.Multigame&country=US&cb=-927243490&osName=Windows&osVersion=8.1&browserName=IE&browserVersion=11&zTmp=1  (jewelquestmysteries2trailofmidnightheart-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download/.../dl?bc=10641&pid=TR&brand=Freega.me&s=msn&c=Freega.Multigame&country=US&cb=-1044940836&osName=Windows&osVersion=8.1&browserName=IE&browserVersion=11&zTmp=1  (jewelquest3-setup.exe)

9 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=freega.me_seo&brand=Freega.me&pid=TR&bc=12798&country=US&cb=1327643784  (dinerdashfloonthego-setup.exe)

9 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=freega.me_seo&brand=Freega.me&pid=TR&bc=12798&country=US&cb=-1045994473  (dinerdashfloonthego-setup.exe)

9 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=freega.me_seo&brand=Freega.me&pid=TR&bc=12798&country=US&cb=-728278528  (dinerdashfloonthego-setup.exe)

9 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=freega.me_seo&brand=Freega.me&pid=TR&bc=12798&country=US&cb=-1308295394  (dinerdashfloonthego-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=13398&country=US&cb=1462081650  (jewelquest2-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=12708&country=US&cb=-1392444728  (cookingacademy-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=12708&country=US&cb=1844756888  (cookingacademy-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=12708&country=US&cb=-493494684  (cookingacademy-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=12708&country=US&cb=-65789494  (cookingacademy-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=12708&country=US&cb=-1918192913  (cookingacademy-setup.exe)

1 / 68      (Adware)
http://files4.freega.me/download?s=msn&c=single&brand=Freega.me&pid=TR&bc=12708&country=US&cb=1994039197  (cookingacademy-setup.exe)

 
Latest 30 of 97 download URLs

The following 863 files have been seen to comunicate with files4.freega.me in live environments.

TCP » 184.26.44.103:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 104.112.235.19:80
TBNotifier.exe (Ask TBNotifier by APN)

TCP » 184.51.126.50:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.26.44.98:80
cpx.exe (Google Embedded Application)

TCP » 184.51.126.90:443
kometa.exe (Kometa by Kometa Authors)

TCP » 184.51.126.83:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.26.44.103:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.105:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.105:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.105:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 184.51.126.83:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.26.44.98:443
dailywiki.exe

TCP » 184.51.126.90:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.26.44.98:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.105:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.50:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.56:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.83:443
messengertime.exe

TCP » 184.26.44.103:443
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 917 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.