static.appfindr.org

Catherine Pfannenstiel

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
1API GmbH

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (81% detected)

Scan engine
Details
Detections

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
96.15%

McAfee Web Gateway
Artemis!2B38427B906F, BehavesLike.Win32.StartPage.mc, BehavesLike.Win32.CryptDoma.dc, BehavesLike.Win32.Downloader.dc, BehavesLike.Win32.Dropper.dc
84.62%

McAfee
Artemis!2B38427B906F, Artemis!ED182CBBA7B2, Artemis!D1F55A994B44, Artemis!610B614C2521, RDN/Generic.cf!a, Artemis!E02D0B838BC8, Artemis!B335D504DF9F, Artemis!B0AA0C564D61, Artemis!6D180149B7AC, Artemis!D1E3750EC6EE, Artemis!5DA41ADFEC8E, Artemis!116F3BA6EB5F
61.54%

AVG
MultiBundle, Could be an adware MultiBundle
61.54%

SUPERAntiSpyware
Trojan.Agent/Gen-Downloader
50.00%

NANO AntiVirus
Riskware.Nsis.Dloader.dvvnkj
42.31%

avast!
Win32:Malware-gen
38.46%

Dr.Web
Adware.Downware.7946, Trojan.DownLoader13.27328, Trojan.DownLoader16.62061, Trojan.DownLoader16.62013, Trojan.DownLoader17.55423
34.62%

Trend Micro House Call
TROJ_GEN.F47V0315, TROJ_GEN.R0C1H05FH14, Suspicious_GEN.F47V0806, Suspicious_GEN.F47V1221, Suspicious_GEN.F47V1222, TROJ_GEN.R047H05ER15
30.77%

VIPRE Antivirus
Conduit, Trojan.Win32.Generic.pak!cobra
26.92%

Qihoo 360 Security
Win32/Trojan.Multi.daf, HEUR/QVM42.1.Malware.Gen, HEUR/QVM42.0.Malware.Gen
23.08%

Kaspersky
UDS:DangerousObject.Multi.Generic
23.08%

Baidu Antivirus
Adware.Win32.DownWare, PUA.Win32.DownWare
15.38%

ESET NOD32
Win32/DownWare, Win32/DownWare.AN potentially unwanted, Win32/DownWare.AO potentially unwanted
15.38%

IKARUS anti.virus
AdWare.MultiBundle
15.38%

The domain static.appfindr.org has been seen to resolve to the following 18 IP addresses.

May 3, 2015

May 3, 2015

server-54-230-101-43.iad2.r.cloudfront.net
December 2, 2014

server-54-192-101-121.iad2.r.cloudfront.net
December 2, 2014

server-54-192-101-115.iad2.r.cloudfront.net
December 2, 2014

server-54-192-101-102.iad2.r.cloudfront.net
December 2, 2014

server-54-192-101-98.iad2.r.cloudfront.net
December 2, 2014

server-54-192-101-81.iad2.r.cloudfront.net
December 2, 2014

server-54-230-103-242.iad2.r.cloudfront.net
December 2, 2014

server-54-230-102-206.iad2.r.cloudfront.net
December 2, 2014

server-54-230-49-66.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-147.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-175.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-63.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-211.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-156.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-245.jfk5.r.cloudfront.net
May 30, 2014

server-54-230-49-169.jfk5.r.cloudfront.net
May 30, 2014

File downloads found at URLs served by static.appfindr.org.

0 / 68
http://static.appfindr.org/AdobeFlashPlayer.exe  (d8caada387670dcc165d49585f69233a)

10 / 68    (PUP)
http://static.appfindr.org/Hamachi.exe  (6d180149b7ac85cb9a93a55dcf1f49bf)

1 / 68      (PUP)
http://static.appfindr.org/FreeExcelSetup.exe  (2d5b930860070373c2e449bb0fcbaf45)

5 / 68      (inconclusive)
http://static.appfindr.org/.../Fraps.exe  (2b98d4e944764eeac052a3d77002ae2b)

12 / 68    (PUP)
http://static.appfindr.org/FreePowerPointSetup.exe  (87d3f9aaaee3c4ba84e078d3ab6dab7d)

9 / 68      (PUP)
http://static.appfindr.org/FreeWordSetup.exe  (d65573e374c20687feed87920581cbf8)

7 / 68      (PUP)
http://static.appfindr.org/Kindle.exe  (366ed52f07f3a7641f40d2c1427b0cfd)

8 / 68      (PUP)
http://static.appfindr.org/FreePowerPoint_Setup.exe  (11ff5880c617fce8a2e0bd01366e00c6)

5 / 68      (PUP)
http://static.appfindr.org/.../Adobe_Reader.exe  (b59e09e1137d956c9b73ed38f3deb88f)

6 / 68      (PUP)
http://static.appfindr.org/Viber.exe  (5da41adfec8efe2d1963b65dbbdcf69b)

8 / 68      (PUP)
http://static.appfindr.org/.../Viber.exe  (116f3ba6eb5fc81362a11bbe166e64d0)

8 / 68      (Malware)
http://static.appfindr.org/FreePowerPointSetup.exe  (b335d504df9f2cc79e660583c19602a0)

3 / 68      (inconclusive)
http://static.appfindr.org/.../Adobe_Reader.exe  (6eaa1cb3855c209fbee207a080866b4f)

10 / 68    (PUP)
http://static.appfindr.org/FreeWordSetup.exe  (d1e3750ec6eee9ec5011d22debbcf97b)

9 / 68      (PUP)
http://static.appfindr.org/AdobeFlashPlayer.exe  (610b614c25219ce55449c381b7a8c4d8)

2 / 68      (false positives)

9 / 68      (PUP)
http://static.appfindr.org/FreePowerPointSetup.exe  (dcf0e051143f94703cade83a1416cc70)

9 / 68      (PUP)
http://static.appfindr.org/FreePowerPointSetup.exe  (b0aa0c564d615ce3132fe70be91642fc)

6 / 68      (PUP)
http://static.appfindr.org/Free_Excel_Setup.exe  (5d83b4f2755c65adc7810932acb90f9d)

7 / 68      (PUP)
http://static.appfindr.org/Adobe_FlashPlayer.exe  (67073f53c0a28434a868905602ef638c)

7 / 68      (Malware)
http://static.appfindr.org/FreePowerPointSetup.exe  (e02d0b838bc8b8d0303cea600faa65a8)

8 / 68      (Malware)
http://static.appfindr.org/.../AdobeReader.exe  (518ae93f4990b7050536e866cfefea73)

15 / 68    (PUP)
http://static.appfindr.org/AdobeFlashPlayer.exe  (f0d09c31d0d0b078c2cacf79d97ebf9a)

7 / 68      (PUP)
http://static.appfindr.org/PDF_Reader.exe  (d1f55a994b443604faac339f755a9d23)

5 / 68      (Malware)
http://static.appfindr.org/Adobe_Reader.exe  (485342c859575267b93176b6ca599fec)

5 / 68      (PUP)
http://static.appfindr.org/.../Adobe_Flash_Player.exe  (ed182cbba7b225c40747cab2c4100b4d)

7 / 68      (inconclusive)
http://static.appfindr.org/Adobe_Reader.exe  (2b38427b906f153af53f5f00332ba475)

The following 8 files have been seen to comunicate with static.appfindr.org in live environments.