The domain download.searchapps.me, registered to Whois Privacy (enumDNS dba), was first registered in January 2012 through GoDaddy.com, LLC R41-ME (146). The domain has been observed hosting and distributing adware and other potentially unwanted software. Its hosting servers are located in Dulles, Virginia, United States, on the Amazon Technologies Inc. network. The domain is served through the Amazon CloudFront CDN, which fronts it with a number of proxy IP addresses (see below).
Registrant: Whois Privacy (enumDNS dba)
Registrar: EuroDNS SA R34-ME (1052)
Server location: Virginia, United States (US)
Create date: Friday, January 13, 2012
Expires date: Sunday, January 13, 2019
Updated date: Friday, March 20, 2015
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.
Scanner detections: 89% detected

Scan engine | Details | Detections
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 78.95%
SUPERAntiSpyware | Heur.Agent/Gen-WhiteBox, Trojan.Agent/Gen-Downloader | 52.63%
Reason Heuristics | (M), PUP.Win.Reputation, PUP.Bundler, PUP.Bundler (M), Adware.DownloadShield.Bundle.Meta (M) | 42.11%
McAfee | Artemis!5370F47EC79A, Artemis!7D3E55174780, Artemis!1EA81549358E, Artemis!5ED3A62CBFA9, Artemis!65B7C837ACED, RDN/Generic Downloader.x!np, Artemis!98B14C81A658 | 42.11%
VIPRE Antivirus | Conduit, Trojan.Win32.Generic.pak!cobra, Threat.4657539 | 31.58%
ESET NOD32 | Win32/DownWare, Win32/SearchApps | 26.32%
Trend Micro House Call | TROJ_GEN.F47V0607, Suspicious_GEN.F47V1222, TROJ_GEN.F47V0826, TROJ_GEN.R0EBH06EQ15 | 21.05%
Baidu Antivirus | Adware.Win32.DownWare, Trojan.Win32.SearchApps | 21.05%
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 15.79%
avast! | Win32:Malware-gen | 15.79%
Dr.Web | Trojan.DownLoader11.35082, Trojan.DownLoader13.18115, Trojan.DownLoader15.61998 | 15.79%
Bkav FE | W32.Clode30.Trojan, W32.Clodabf.Trojan | 10.53%
K7 AntiVirus | Trojan | 10.53%
Norman | Suspicious_Gen4.FBMJZ, Agent.BLYNX | 10.53%
The domain download.searchapps.me has been seen to resolve to the following 71 IP addresses.
File downloads found at URLs served by download.searchapps.me.
The following 32 files have been seen to communicate with download.searchapps.me in live environments.
URL: http://download.searchapps.me/
Network: Amazon CloudFront
SSL certificate subject: CN=sni55794.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer: CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Web server: cloudflare-nginx