home

www.appfindr.org

Catherine Pfannenstiel

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
1API GmbH

Server location:
Arizona, United States (US)

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Root domain:
appfindr.org

Whois:
4 appfindr.org records

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

AVG
MultiBundle, Could be an adware MultiBundle
63.04%

ESET NOD32
Win32/DownWare.AO potentially unwanted application, Win32/DownWare.AR potentially unwanted application
50.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
43.48%

avast!
Win32:Malware-gen, Win32:Evo-gen [Susp]
39.13%

Reason Heuristics
PUP.Bundler (M), Adware.DownloadShield.Bundle.Installer.Meta (M), Adware.DownloadShield.Bundle.Meta (M), Adware.Bundler (M), PUP.InstallCore.FC.Installer (M), PUP.InstallCore.AC.Installer (M)
36.96%

McAfee
Artemis!ED182CBBA7B2, RDN/Generic.tfr!eb, Artemis!E731037105C9, Artemis!D65573E374C2, Artemis!A324015B2E81, Artemis!8A53C815B446, Artemis!A2FD187C344C, PUP-RHRL, Artemis!9EF9EF786A90
30.43%

NANO AntiVirus
Riskware.Nsis.Dloader.dvvnkj
26.09%

Dr.Web
Adware.Downware.7946, Trojan.DownLoader15.58795, Trojan.DownLoader16.62013, Trojan.DownLoader17.22938, Trojan.MulDrop6.10354, Detection.Undefined
23.91%

IKARUS anti.virus
AdWare.MultiBundle, PUA.DownWare
23.91%

Qihoo 360 Security
Win32/Trojan.Multi.daf, HEUR/QVM42.1.Malware.Gen, HEUR/QVM42.0.Malware.Gen, HEUR/QVM20.1.0000.Malware.Gen
21.74%

ESET NOD32
Win32/DownWare.AB, Win32/DownWare.AO potentially unwanted, Win32/DownWare.AR potentially unwanted
17.39%

VIPRE Antivirus
Trojan.Win32.Generic
10.87%

SUPERAntiSpyware
Trojan.Agent/Gen-Downloader
8.70%

Kaspersky
UDS:DangerousObject.Multi.Generic
8.70%

K7 AntiVirus
Trojan , Adware
6.52%

The domain www.appfindr.org has been seen to resolve to the following 3 IP addresses.

104.31.82.8
May 3, 2015

104.31.83.8
May 3, 2015

50.62.109.1
p3nlhg678c1678.shr.prod.phx3.secureserver.net
January 14, 2014

File downloads found at URLs served by www.appfindr.org.

12 / 68    (PUP)
http://www.appfindr.org/en/.../download.php  (adobeflashplayer.exe)

0 / 68
http://www.appfindr.org/en/.../download.php  (mse72c.tmp.exe)

2 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (freewordsetup.exe)

3 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (unlocker.exe)

4 / 68      (inconclusive)
http://www.appfindr.org/ca/.../download.php  (fraps.exe)

4 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (hamachisetup.exe)

6 / 68      (PUP)
http://www.appfindr.org/ca/.../download.php  (viber.exe)

4 / 68      (PUP)
http://www.appfindr.org/uk/.../download.php  (fraps.exe)

7 / 68      (PUP)
http://www.appfindr.org/lps/.../download.php  (adobereader.exe)

3 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (plexsetup.exe)

1 / 68      (Adware)
http://www.appfindr.org/en/.../download.php  (viber.exe)

2 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (fraps.exe)

2 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (freepower_point_setup.exe)

4 / 68      (inconclusive)
http://www.appfindr.org/lps/.../download.php  (adobe_flash_player.exe)

2 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (adobe_flashplayer.exe)

2 / 68      (PUP)
http://www.appfindr.org/uk/.../download.php  (viber.exe)

4 / 68      (PUP)
http://www.appfindr.org/en/.../download.php  (pdf_reader.exe)

0 / 68
http://www.appfindr.org/en/.../download.php  (kies3setup.exe)

1 / 68      (Adware)
http://www.appfindr.org/uk/.../download.php  (unlocker.exe)

0 / 68
http://www.appfindr.org/SolarModel.zip  (60191981b57a05a56c9b64b627b178d1)

9 / 68      (PUP)
http://www.appfindr.org/en/.../download  (kindlesetup.exe)

3 / 68      (PUP)
http://www.appfindr.org/uk/.../download.php  (samsungkies.exe)

2 / 68      (PUP)
http://www.appfindr.org/.../Adobe_Flash_Player.exe  (816b0befc51a17311c368d8e07689fd0)

8 / 68      (PUP)
http://www.appfindr.org/ca/.../download.php  (hamachi.exe)

The following file have been seen to comunicate with www.appfindr.org in live environments.

TCP » 50.62.109.1:80
42fe.tmp.exe

URL:
http://www.appfindr.org/

Title:
“AppFindr”

SSL certificate subject:
CN=sni101501.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx

Facebook:
Likes:  2
Shares:  4
Comments:  12

Statistics are for the previous month.

gameplayingzone.com

flvtoavi.com

soportetecnicoantioquia.com

statpages.info

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.