home

ddl.searchfiles.freedirectdownload.ru

Private Person  (Proxy Registrant)

Domain Information

The domain ddl.searchfiles.freedirectdownload.ru is registered by proxy through REGRU-RU and was originally registered in April of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
REGRU-RU

Server location:
Oregon, United States (US)

Create date:
Monday, April 28, 2014

Expires date:
Thursday, April 28, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
freedirectdownload.ru

Whois:
1 freedirectdownload.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

AhnLab V3 Security
PUP/Win32.Amonetiz
100.00%

AVG
Generic
100.00%

Reason Heuristics
PUP.Installer.AMGRUP.CC
100.00%

avast!
Win32:Adware-gen [Adw]
100.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Netfilter
100.00%

F-Secure
Gen:Variant.Adware.Netfilter.2
100.00%

ESET NOD32
Win32/Amonetize.CK potentially unwanted application
100.00%

Lavasoft Ad-Aware
Gen:Variant.Adware.Netfilter.2
100.00%

McAfee
Trojan.Artemis!DE732793E0EA
100.00%

Norman
Gen:Variant.Adware.Netfilter.2
100.00%

MicroWorld eScan
Gen:Variant.Adware.Netfilter.2
100.00%

Agnitum Outpost
PUA.Amonetize
100.00%

Trend Micro House Call
TROJ_GEN.R08NH09LM14
100.00%

Bitdefender
Gen:Variant.Adware.Netfilter.2
100.00%

Avira AntiVirus
Adware/Amonetize.314368.1
100.00%

The domain ddl.searchfiles.freedirectdownload.ru has been seen to resolve to the following IP address.

54.69.104.255
ec2-54-69-104-255.us-west-2.compute.amazonaws.com
May 3, 2015

File downloads found at URLs served by ddl.searchfiles.freedirectdownload.ru.

19 / 68    (Adware)
http://ddl.searchfiles.freedirectdownload.ru/download.php?version=1.1.5.26&campid=3687&instid[appname]=[easy]how To Root Alcatel One Touch Fierce&instid[appsetupurl]=http://cleansoft.primelit.com/bitmaster.exe&instid[cmdline]=-f "name://how to root alcatel one touch"&instid[appimageurl]=http://i.ytimg.com/vi/.../1.jpg&prefix=How.To.Root.Alcatel.One.Touch.Fierce&instid[thankyoupage]=&instid[interrupted]=&ti1=1018945624  (super mario bros.__3435_il497.exe)

The following 3 files have been seen to comunicate with ddl.searchfiles.freedirectdownload.ru in live environments.

TCP » 54.69.104.255:80
tmp781a.tmp

TCP » 54.69.104.255:80
tmp5600.tmp

TCP » 54.69.104.255:80
tmp61f7.tmp

URL:
http://ddl.searchfiles.freedirectdownload.ru/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
ngx_openresty (PHP/5.4.37)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.