cdn.airdwnlds.com

Air Software (via a Proxy Registrant)

Domain Information

The domain cdn.airdwnlds.com is registered by proxy through ENOM, INC. and was originally registered in September 2012. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Dulles, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which serves content through a number of proxy IP addresses. The domain is associated with the publisher Air Software, which is located in Victoria, British Columbia, Canada.

Registrar:
ENOM, INC.

Server location:
Virginia, United States (US)

Create date:
Tuesday, September 11, 2012

Expires date:
Sunday, September 11, 2016

Updated date:
Wednesday, August 12, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
Reason Heuristics | DownloadManager.AirSoftware.F, DownloadManager.Air Software.AirSoftware, PUP.Installer.Softpulse, PUP.Adknowledge.InstallManager.Installer (M), PUP.Air Software.AirSoftware.Bundler (M) | 100.00%
Dr.Web | Adware.Downware.624, Trojan.SMSSend.4723, Trojan.SMSSend.5402, Adware.Downware.10718, Adware.Downware.586, Trojan.SMSSend.4803 | 87.50%
Malwarebytes | PUP.Optional.AirInstaller, PUP.Optional.AirAdInstaller | 75.00%
K7 AntiVirus | Unwanted-Program, Riskware | 75.00%
avast! | Win32:Installer-L [PUP], Win32:Adware-CAH [PUP], Adware-gen [Adw] | 75.00%
VIPRE Antivirus | AirInstaller, Threat.4150696, Threat.4784938, Threat.4782985 | 75.00%
Sophos | AirInstaller, PUA 'AirInstaller' | 75.00%
Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 75.00%
IKARUS anti.virus | AdWare.AirAdInstaller, Win32.SuspectCrc, PUA.AirAdInstaller, not-a-virus:AdWare.Win32 | 75.00%
Panda Antivirus | Adware/AirInstaller, Trj/Genetic.gen | 75.00%
Comodo Security | Application.Win32.AirAdInstaller.A, Application.Win32.AirAdInstaller.B | 62.50%
Avira AntiVirus | Adware/AirAdInstaller.AF.2, Adware/AgentCV.A.6255, ADWARE/Adware.Gen, Adware/AirAdInstaller.AD.2 | 62.50%
F-Prot | W32/AirInstall.A8.gen, W32/AirInstall.D.gen, W32/AirInstall.A7.gen | 62.50%
Trend Micro House Call | HV_ZYX_BK0841DD.TOMC, HV_ZYX_BK083306.TOMC | 50.00%
Agnitum Outpost | PUA.AirAdInstaller | 50.00%

The domain cdn.airdwnlds.com has been seen to resolve to the following 26 IP addresses.

File downloads found at URLs served by cdn.airdwnlds.com.

2 / 68      (Adware)

15 / 68    (Adware)

30 / 68    (Adware)

30 / 68    (Adware)

24 / 68    (Adware)

1 / 68      (Adware)

32 / 68    (Adware)

15 / 68    (Adware)

The following 9 files have been seen to communicate with cdn.airdwnlds.com in live environments.

URL:
http://cdn.airdwnlds.com/

Network:
Amazon Cloudfront

Web server:
Apache/2.2.22 (Ubuntu)