home

s.premium-apps.net

PERFECT PRIVACY, LLC  (Proxy Registrant)

Domain Information

The domain s.premium-apps.net is registered by proxy through Network Solutions, LLC and was originally registered in January of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cleveland, Ohio within the United States which resides on the Highwinds Network Group, Inc. network.
Registrar:
Network Solutions, LLC

Server location:
Ohio, United States (US)

Create date:
Monday, January 6, 2014

Expires date:
Friday, January 6, 2017

Updated date:
Saturday, November 7, 2015

ASN:
AS12989 HWNG Eweka Internet Services B.V.

Root domain:
premium-apps.net

Whois:
3 premium-apps.net records

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer.LionSeaSoftwarecoltd.F, PUP.Installer.IgnitionInstaller.F, PUP.Installer.SecureDownload.J, PUP.OptimumInstaller.Bundler.Installer.Meta (M), PUP.Installer.DigitalPluginSl.F, PUP.Adknowledge.FileMonarch.Bundler (M), PUP.Softpulse.DIGITALP.Bundler (M), PUP.InstallCore.RES (M), PUP.Installa.Installer (M), PUP.Adknowledge.Fileange.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.Softpulse.DigitalP.Bundler (M), PUP.SoftPulse.YumonSys.Installer (M), PUP.Outbrowse.OTOPIASo.Bundler (M), PUP.Softpulse.DIGITALP.Installer (M), PUP.Adknowledge (M)
93.55%

VIPRE Antivirus
Ignition Installer, Threat.4783235, Optimum Installer, Trojan.Win32.Generic
45.16%

Trend Micro House Call
TROJ_GEN.F47V0907, TROJ_GEN.F47V0214, TROJ_GEN.F47V0114, TROJ_GEN.F47V0403, TROJ_GEN.F47V0227, TROJ_GEN.F47V0110, TROJ_GEN.F47V0430, TROJ_GEN.F47V0506, TROJ_GEN.F47V0523
41.94%

Dr.Web
Adware.Downware.2039, Trojan.Click3.3888, Trojan.DownLoader11.30629, Adware.Downware.4908
41.94%

ESET NOD32
MSIL/Verti (variant), Win32/SoftPulse (variant), Win32/OutBrowse
25.81%

Malwarebytes
PUP.Optional.PremiumApps.A, PUP.Optional.OptimunInstaller, PUP.Optional.OutBrowse
22.58%

McAfee
Artemis!4DC7D10FB20C, Artemis!11BE50869125, Artemis!DE1E6C268131, Program.SoftPulse, Trojan.Artemis!46F8749DEF37
19.35%

F-Secure
Gen:Variant.Symmi.37960, Adware.IBryte.AF, Adware.Agent.OBB
9.68%

Agnitum Outpost
Riskware.Agent, Trojan.Agent
9.68%

avast!
Win32:SoftPulse-V [PUP], Win32:PUP-gen [PUP], Win32:Adware-gen [Adw]
9.68%

Avira AntiVirus
TR/Dropper.Gen, Adware/iBryte.bxoh, APPL/Downloader.Gen
9.68%

Sophos
SoftPulse, iBryte Premium Installer, Generic PUA IN
9.68%

G Data
Win32.Adware.Softpulse, Adware.IBryte.AF, Adware.Agent.OBB
9.68%

IKARUS anti.virus
Trojan.Win32.Buzus, AdWare.Downware
9.68%

herdProtect (fuzzy)
a variant of 3ea773ad0bbe7409a6efc9739b54514a9132e1a7, a variant of 1101f492613cf7198ae3652ec68d4752a235af80
6.45%

The domain s.premium-apps.net has been seen to resolve to the following 191 IP addresses.

54.230.193.39
server-54-230-193-39.iad53.r.cloudfront.net
September 14, 2016

54.230.193.34
server-54-230-193-34.iad53.r.cloudfront.net
September 14, 2016

54.230.193.241
server-54-230-193-241.iad53.r.cloudfront.net
September 14, 2016

54.230.193.219
server-54-230-193-219.iad53.r.cloudfront.net
September 14, 2016

54.230.193.168
server-54-230-193-168.iad53.r.cloudfront.net
September 14, 2016

54.230.193.118
server-54-230-193-118.iad53.r.cloudfront.net
September 14, 2016

54.230.193.88
server-54-230-193-88.iad53.r.cloudfront.net
September 14, 2016

54.230.193.80
server-54-230-193-80.iad53.r.cloudfront.net
September 14, 2016

52.84.125.94
server-52-84-125-94.iad16.r.cloudfront.net
August 19, 2016

52.84.125.14
server-52-84-125-14.iad16.r.cloudfront.net
August 19, 2016

52.84.125.251
server-52-84-125-251.iad16.r.cloudfront.net
August 19, 2016

52.84.125.245
server-52-84-125-245.iad16.r.cloudfront.net
August 19, 2016

52.84.125.239
server-52-84-125-239.iad16.r.cloudfront.net
August 19, 2016

52.84.125.219
server-52-84-125-219.iad16.r.cloudfront.net
August 19, 2016

52.84.125.168
server-52-84-125-168.iad16.r.cloudfront.net
August 19, 2016

52.85.131.227
server-52-85-131-227.iad53.r.cloudfront.net
July 13, 2016

52.85.131.214
server-52-85-131-214.iad53.r.cloudfront.net
July 13, 2016

52.85.131.162
server-52-85-131-162.iad53.r.cloudfront.net
July 13, 2016

52.85.131.132
server-52-85-131-132.iad53.r.cloudfront.net
July 13, 2016

52.85.131.73
server-52-85-131-73.iad53.r.cloudfront.net
July 13, 2016

52.85.131.50
server-52-85-131-50.iad53.r.cloudfront.net
July 13, 2016

52.85.131.242
server-52-85-131-242.iad53.r.cloudfront.net
July 13, 2016

52.85.131.235
server-52-85-131-235.iad53.r.cloudfront.net
July 13, 2016

54.192.19.192
server-54-192-19-192.iad12.r.cloudfront.net
July 8, 2016

54.192.19.182
server-54-192-19-182.iad12.r.cloudfront.net
July 8, 2016

54.192.19.146
server-54-192-19-146.iad12.r.cloudfront.net
July 8, 2016

54.192.19.134
server-54-192-19-134.iad12.r.cloudfront.net
July 8, 2016

54.192.19.28
server-54-192-19-28.iad12.r.cloudfront.net
July 8, 2016

54.192.19.24
server-54-192-19-24.iad12.r.cloudfront.net
July 8, 2016

54.192.19.17
server-54-192-19-17.iad12.r.cloudfront.net
July 8, 2016

 
Showing 30 of 191 IP Addresses

File downloads found at URLs served by s.premium-apps.net.

1 / 68      (Adware)
http://s.premium-apps.net/stub/.../setup.exe  (7a410b359a91d7e5f201de2592e75dc9)

The following 2192 files have been seen to comunicate with s.premium-apps.net in live environments.

TCP » 54.192.19.146:80
GoRadio.exe (RP by Resilion)

TCP » 54.192.19.134:80
cfhelp55.exe

TCP » 52.85.142.224:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.172:80
jingling.exe

TCP » 23.67.250.99:80
dailywiki.exe

TCP » 54.192.195.158:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.192:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.192.19.24:80
saber.exe

TCP » 52.84.125.94:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.192:80
saber.exe

TCP » 54.192.195.158:443
onlineguardian-v2.exe

TCP » 54.192.195.235:443
online-guardian.exe

TCP » 54.192.19.17:80
browser.exe (Browser)

TCP » 52.85.142.194:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.235:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.14:443
browser.exe (Browser)

TCP » 52.84.125.61:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.192:80
saber.exe

TCP » 52.85.142.194:443
messengertime.exe

TCP » 54.192.19.134:80
qkseesvc.exe

 
Latest 20 of 2,401 files

URL:
http://s.premium-apps.net/

Web server:
AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.