home

ui.pkgappdist.com

HugeDomains.com

Domain Information

The domain ui.pkgappdist.com registered by HugeDomains.com was initially registered in March of 2016 through DROPCATCH.COM 767 LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
DROPCATCH.COM 767 LLC

Server location:
Virginia, United States (US)

Create date:
Thursday, March 3, 2016

Expires date:
Friday, March 3, 2017

Updated date:
Friday, March 4, 2016

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
pkgappdist.com

Whois:
1 pkgappdist.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

avast!
Adware-OD [PUP], Adware-QF [Adw], Win32:Adware-gen [Adw]
52.00%

AVG
Generic5, Adware Generic5.AUUM, Adware Generic5.BPYT, Adware Generic5.CKCI, Adware AddLyrics.AS, Adware AddLyrics_r.ML
48.00%

Reason Heuristics
PUP.Revizer.FOE.Installer.Meta (M), Adware.Revizer.Installer.Meta (M), PUP.FullSpectrum.Bundler.Meta (M)
44.00%

Baidu Antivirus
Adware.Win32.Browsefox, Adware.Win32.AddLyrics
44.00%

MicroWorld eScan
Gen:Variant.Adware.Graftor.146914, Gen:Variant.Adware.Graftor.162521, Gen:Variant.Adware.AddLyrics.32, Gen:Variant.Adware.Graftor.177260, Gen:Variant.Adware.Symmi.50400
44.00%

G Data
Gen:Variant.Adware.Graftor.146914, NSIS.Adware.AddLyrics, Gen:Variant.Adware.AddLyrics.32, Gen:Variant.Adware.Graftor.177260
44.00%

Bitdefender
Gen:Variant.Adware.Graftor.146914, Gen:Variant.Adware.AddLyrics.32, Gen:Variant.Adware.Graftor.177260, Gen:Variant.Adware.AddLyrics.36
40.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.146914, Gen:Variant.Graftor.174225, Gen:Variant.Adware.AddLyrics.32, Gen:Variant.Adware.Graftor.177260, Gen:Variant.Adware.AddLyrics.36
40.00%

Dr.Web
infected with Trojan.Revizer.84, Adware.AddLyrics.1, infected with Trojan.Revizer.417, infected with Trojan.Lyrics.481, infected with Trojan.Lyrics.648
40.00%

ESET NOD32
Win32/AdWare.AddLyrics.AM application, Win32/AdWare.AddLyrics.BO application, Win32/Adware.AddLyrics.DR application, Win32/Adware.AddLyrics.DX application
36.00%

F-Secure
Gen:Variant.Adware.Graftor.146914, Gen:Variant.Adware.Graftor.162521, Gen:Variant.Adware.AddLyrics.32, Gen:Variant.Adware.Symmi.50400
32.00%

VIPRE Antivirus
Threat.5063086, Trojan.Win32.Generic
28.00%

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.174225, Gen:Variant.Adware.AddLyrics.32, Gen:Variant.Adware.Graftor.177260, Gen:Variant.Adware.AddLyrics.36
24.00%

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.146914, Gen:Variant.Adware.Graftor.162521, Gen:Variant.Adware.Symmi.50400, Gen:Variant.Adware.Graftor.177260
20.00%

Rising Antivirus
PE:Malware.Obscure/Heur!1.9E03
20.00%

The domain ui.pkgappdist.com has been seen to resolve to the following 11 IP addresses.

107.23.198.240
ec2-107-23-198-240.compute-1.amazonaws.com
July 7, 2016

52.4.72.137
ec2-52-4-72-137.compute-1.amazonaws.com
July 7, 2016

52.20.195.18
ec2-52-20-195-18.compute-1.amazonaws.com
May 25, 2016

54.172.219.65
ec2-54-172-219-65.compute-1.amazonaws.com
May 25, 2016

52.20.104.240
ec2-52-20-104-240.compute-1.amazonaws.com
May 18, 2016

107.23.195.178
ec2-107-23-195-178.compute-1.amazonaws.com
May 18, 2016

54.152.144.243
ec2-54-152-144-243.compute-1.amazonaws.com
April 13, 2016

52.200.243.123
ec2-52-200-243-123.compute-1.amazonaws.com
April 13, 2016

54.174.149.30
ec2-54-174-149-30.compute-1.amazonaws.com
April 5, 2016

107.21.42.142
ec2-107-21-42-142.compute-1.amazonaws.com
April 5, 2016

54.175.122.46
ec2-54-175-122-46.compute-1.amazonaws.com
March 3, 2016

File downloads found at URLs served by ui.pkgappdist.com.

10 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (16a70269952b1266b00062f830a6a4a1)

2 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

3 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

11 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

3 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

15 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

9 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

19 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

2 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

3 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

1 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

18 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

20 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

10 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

20 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

4 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

13 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

11 / 68    (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

3 / 68      (PUP)
http://ui.pkgappdist.com/apps/.../VeriBrowse_5010-1021.exe  (file open error.exe)

The following 36 files have been seen to comunicate with ui.pkgappdist.com in live environments.

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.20.104.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.20.104.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

 
Latest 20 of 36 files

URL:
http://ui.pkgappdist.com/

Google Analytics:
UA-7117339

Title:
“HugeDomains.com - PkgappDist.com is for sale (Pkgapp Dist)”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/8.5 (ASP.NET)

90he.com

albionsecure.com

ambode.com

apheliononline.com

danielsbydesign.com

dapyx.com

ddlnow.com

debsoft.com

delight3d.com

descargarmobogenie.com

dominoesstars.com

ebookily.com

eezpix.com

electronicsengineers.com

facecores.com

fire-soft.com

freeloadz.com

freevideodownloadforpc.com

frmclstr.com

fxvan.com

gimpx.com

hope-media.com

installimesh.com

kamikazewargames.com

lolthai.com

lovetunisia.com

lucidms.com

mooregames.com

mtibia.com

mygameonline.com

30 of 50 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.