home

cdn.searchtooknow.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain cdn.searchtooknow.com is registered by proxy through GODADDY.COM, LLC and was originally registered in December of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Monday, December 7, 2015

Expires date:
Wednesday, December 7, 2016

Updated date:
Monday, December 7, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.,US

Root domain:
searchtooknow.com

Whois:
1 searchtooknow.com record

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Mindspark, PUP.Yontoo.ArcticWorld.Installer (M)
66.67%

F-Prot
W32/Parite.A, W32/Sality.gen2
33.33%

Microsoft Security Essentials
Threat.Undefined
26.67%

Dr.Web
Trojan.Yontoo.3989, Win32.Sector.30
26.67%

avast!
Win32:Parite, Win32:SaliCode
26.67%

McAfee
Virus.Artemis!E5A9078BA622, Virus.W32/Pate.a, Trojan.Artemis!36A0CEA2096F, Trojan.Artemis!3835E114EF20
26.67%

Kaspersky
Virus.Win32.Parite, Virus.Win32.Sality
26.67%

Norman
Win32.Parite.A, Win32.Sality.3
26.67%

ESET NOD32
Win32/Parite.A virus, Win32/Sality.NBA virus
26.67%

VIPRE Antivirus
Threat.46248, Threat.4721115
20.00%

Emsisoft Anti-Malware
Win32.Parite, Win32.Sality
20.00%

F-Secure
Win32.Parite.A, Win32.Sality.3
20.00%

AVG
Win32/Parite
13.33%

Malwarebytes
PUP.Optional.BrowseFox
6.67%

Clam AntiVirus
Win.Adware.Browsefox-725
6.67%

The domain cdn.searchtooknow.com has been seen to resolve to the following 8 IP addresses.

184.26.143.163
a184-26-143-163.deploy.static.akamaitechnologies.com
February 27, 2016

184.26.143.147
a184-26-143-147.deploy.static.akamaitechnologies.com
February 27, 2016

184.51.126.98
a184-51-126-98.deploy.static.akamaitechnologies.com
February 2, 2016

184.51.126.89
a184-51-126-89.deploy.static.akamaitechnologies.com
February 2, 2016

23.15.8.217
a23-15-8-217.deploy.static.akamaitechnologies.com
February 1, 2016

23.15.8.234
a23-15-8-234.deploy.static.akamaitechnologies.com
February 1, 2016

184.51.126.186
a184-51-126-186.deploy.static.akamaitechnologies.com
January 3, 2016

184.51.126.185
a184-51-126-185.deploy.static.akamaitechnologies.com
January 3, 2016

File downloads found at URLs served by cdn.searchtooknow.com.

10 / 68    (Malware)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5822.27661  (mp.exe)

11 / 68    (Infected)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5822.27661  (mp.exe)

5 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5851.29466  (mp.exe)

12 / 68    (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5822.27661  (mp.exe)

12 / 68    (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5822.27661  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5822.27661  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5861.24161  (mp.exe)

5 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5822.27661  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5863.33817  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5863.33817  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5861.34584  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5861.34584  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5862.29245  (temp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5862.29245  (mp.exe)

0 / 68
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5822.27661  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5851.29466  (mp.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5822.27661  (64brmon.exe)

1 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=8&v=1.0.5822.27661  (mp.exe)

5 / 68      (PUP)
http://cdn.searchtooknow.com/.../mp?mpt=64&v=1.0.5822.27661  (mp.exe)

The following 203 files have been seen to comunicate with cdn.searchtooknow.com in live environments.

TCP » 184.51.126.89:443
kometa.exe (Kometa by Kometa Authors)

TCP » 184.51.126.89:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.89:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.98:443
kometa.exe (Kometa by Kometa Authors)

TCP » 184.26.143.163:80
UCBrowser.exe (by UCWeb)

TCP » 184.51.126.89:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.98:443
messengertime.exe

TCP » 184.51.126.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.89:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.15.8.234:80
browser.exe (Browser)

TCP » 184.26.143.163:80
UCBrowser.exe (by UCWeb)

TCP » 184.51.126.89:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 184.51.126.89:443
Client.exe

TCP » 184.51.126.89:80
browser.exe (Browser)

TCP » 184.51.126.89:80
IMAPP.EXE (IncrediMail by IncrediMail)

TCP » 184.51.126.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.15.8.234:80
apptrailers.exe

TCP » 184.51.126.185:80
ed9256a4.exe (SS)

 
Latest 20 of 217 files

URL:
http://cdn.searchtooknow.com/

Web server:
Microsoft-IIS/7.5

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.