home

static.appfindr.org

Catherine Pfannenstiel

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
1API GmbH

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
appfindr.org

Whois:
3 appfindr.org records

Scanner detections:
Detections  (70% detected)

Scan engine
Details
Detections

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
96.15%

McAfee
Artemis!2B38427B906F, Artemis!ED182CBBA7B2, Artemis!D1F55A994B44, Artemis!610B614C2521, RDN/Generic.cf!a, Artemis!E02D0B838BC8, Artemis!B335D504DF9F, Artemis!B0AA0C564D61, Artemis!6D180149B7AC, Artemis!D1E3750EC6EE, Artemis!5DA41ADFEC8E, Artemis!116F3BA6EB5F
61.54%

AVG
MultiBundle, Could be an adware MultiBundle
61.54%

SUPERAntiSpyware
Trojan.Agent/Gen-Downloader
50.00%

NANO AntiVirus
Riskware.Nsis.Dloader.dvvnkj
42.31%

avast!
Win32:Malware-gen
38.46%

Dr.Web
Adware.Downware.7946, Trojan.DownLoader13.27328, Trojan.DownLoader16.62061, Trojan.DownLoader16.62013, Trojan.DownLoader17.55423
34.62%

Trend Micro House Call
TROJ_GEN.F47V0315, TROJ_GEN.R0C1H05FH14, Suspicious_GEN.F47V0806, Suspicious_GEN.F47V1221, Suspicious_GEN.F47V1222, TROJ_GEN.R047H05ER15
30.77%

VIPRE Antivirus
Conduit, Trojan.Win32.Generic.pak!cobra
26.92%

Qihoo 360 Security
Win32/Trojan.Multi.daf, HEUR/QVM42.1.Malware.Gen, HEUR/QVM42.0.Malware.Gen
23.08%

Kaspersky
UDS:DangerousObject.Multi.Generic
23.08%

Baidu Antivirus
Adware.Win32.DownWare, PUA.Win32.DownWare
15.38%

ESET NOD32
Win32/DownWare, Win32/DownWare.AN potentially unwanted, Win32/DownWare.AO potentially unwanted
15.38%

IKARUS anti.virus
AdWare.MultiBundle
15.38%

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF, PE:Malware.Generic/QRS!1.9E2D[F1]
11.54%

The domain static.appfindr.org has been seen to resolve to the following 18 IP addresses.

104.31.82.8
May 3, 2015

104.31.83.8
May 3, 2015

54.230.101.43
server-54-230-101-43.iad2.r.cloudfront.net
December 2, 2014

54.192.101.121
server-54-192-101-121.iad2.r.cloudfront.net
December 2, 2014

54.192.101.115
server-54-192-101-115.iad2.r.cloudfront.net
December 2, 2014

54.192.101.102
server-54-192-101-102.iad2.r.cloudfront.net
December 2, 2014

54.192.101.98
server-54-192-101-98.iad2.r.cloudfront.net
December 2, 2014

54.192.101.81
server-54-192-101-81.iad2.r.cloudfront.net
December 2, 2014

54.230.103.242
server-54-230-103-242.iad2.r.cloudfront.net
December 2, 2014

54.230.102.206
server-54-230-102-206.iad2.r.cloudfront.net
December 2, 2014

54.230.49.66
server-54-230-49-66.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.147
server-54-230-49-147.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.175
server-54-230-49-175.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.63
server-54-230-49-63.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.211
server-54-230-49-211.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.156
server-54-230-49-156.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.245
server-54-230-49-245.jfk5.r.cloudfront.net
May 30, 2014

54.230.49.169
server-54-230-49-169.jfk5.r.cloudfront.net
May 30, 2014

File downloads found at URLs served by static.appfindr.org.

0 / 68
http://static.appfindr.org/AdobeFlashPlayer.exe  (d8caada387670dcc165d49585f69233a)

8 / 68      (PUP)
http://static.appfindr.org/Hamachi.exe  (6d180149b7ac85cb9a93a55dcf1f49bf)

1 / 68      (PUP)
http://static.appfindr.org/FreeExcelSetup.exe  (2d5b930860070373c2e449bb0fcbaf45)

4 / 68      (inconclusive)
http://static.appfindr.org/.../Fraps.exe  (2b98d4e944764eeac052a3d77002ae2b)

10 / 68    (PUP)
http://static.appfindr.org/FreePowerPointSetup.exe  (87d3f9aaaee3c4ba84e078d3ab6dab7d)

8 / 68      (PUP)
http://static.appfindr.org/FreeWordSetup.exe  (d65573e374c20687feed87920581cbf8)

6 / 68      (PUP)
http://static.appfindr.org/Kindle.exe  (366ed52f07f3a7641f40d2c1427b0cfd)

7 / 68      (PUP)
http://static.appfindr.org/FreePowerPoint_Setup.exe  (11ff5880c617fce8a2e0bd01366e00c6)

4 / 68      (inconclusive)
http://static.appfindr.org/.../Adobe_Reader.exe  (b59e09e1137d956c9b73ed38f3deb88f)

5 / 68      (Malware)
http://static.appfindr.org/Viber.exe  (5da41adfec8efe2d1963b65dbbdcf69b)

7 / 68      (PUP)
http://static.appfindr.org/.../Viber.exe  (116f3ba6eb5fc81362a11bbe166e64d0)

7 / 68      (Malware)
http://static.appfindr.org/FreePowerPointSetup.exe  (b335d504df9f2cc79e660583c19602a0)

2 / 68      (inconclusive)
http://static.appfindr.org/.../Adobe_Reader.exe  (6eaa1cb3855c209fbee207a080866b4f)

9 / 68      (PUP)
http://static.appfindr.org/FreeWordSetup.exe  (d1e3750ec6eee9ec5011d22debbcf97b)

7 / 68      (PUP)
http://static.appfindr.org/AdobeFlashPlayer.exe  (610b614c25219ce55449c381b7a8c4d8)

2 / 68      (false positives)
http://static.appfindr.org/FreePowerPointSetup.exe  (wrar420.exe)

9 / 68      (PUP)
http://static.appfindr.org/FreePowerPointSetup.exe  (dcf0e051143f94703cade83a1416cc70)

8 / 68      (PUP)
http://static.appfindr.org/FreePowerPointSetup.exe  (b0aa0c564d615ce3132fe70be91642fc)

5 / 68      (PUP)
http://static.appfindr.org/Free_Excel_Setup.exe  (5d83b4f2755c65adc7810932acb90f9d)

7 / 68      (PUP)
http://static.appfindr.org/Adobe_FlashPlayer.exe  (67073f53c0a28434a868905602ef638c)

6 / 68      (Malware)
http://static.appfindr.org/FreePowerPointSetup.exe  (e02d0b838bc8b8d0303cea600faa65a8)

7 / 68      (Malware)
http://static.appfindr.org/.../AdobeReader.exe  (518ae93f4990b7050536e866cfefea73)

12 / 68    (PUP)
http://static.appfindr.org/AdobeFlashPlayer.exe  (f0d09c31d0d0b078c2cacf79d97ebf9a)

6 / 68      (PUP)
http://static.appfindr.org/PDF_Reader.exe  (d1f55a994b443604faac339f755a9d23)

4 / 68      (inconclusive)
http://static.appfindr.org/Adobe_Reader.exe  (485342c859575267b93176b6ca599fec)

4 / 68      (inconclusive)
http://static.appfindr.org/.../Adobe_Flash_Player.exe  (ed182cbba7b225c40747cab2c4100b4d)

4 / 68      (inconclusive)
http://static.appfindr.org/Adobe_Reader.exe  (2b38427b906f153af53f5f00332ba475)

The following 8 files have been seen to comunicate with static.appfindr.org in live environments.

TCP » 54.230.49.175:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.230.49.175:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.230.49.175:443
archivo de descarga de utorrent - poeidon666.exe (Softonic Downloader by Softonic)

TCP » 54.230.49.175:443
whatsapptime.exe

TCP » 54.230.49.175:80
apptrailers.exe

TCP » 54.230.49.211:80
trailerwatch.exe

TCP » 54.230.49.175:80
tuneuppro.exe (Tuneup Pro)

TCP » 54.230.49.175:80
whatsapptime.exe

TCP » 54.230.49.211:80
browser.exe (Browser)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.