home

facecores.com

HugeDomains.com

Domain Information

The domain facecores.com registered by HugeDomains.com was initially registered in February of 2015 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
DROPCATCH.COM 568 LLC

Server location:
Arizona, United States (US)

Create date:
Saturday, February 7, 2015

Expires date:
Tuesday, February 7, 2017

Updated date:
Monday, February 8, 2016

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Whois:
2 facecores.com records

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Trend Micro
ADW_CORES, ADW_ADPLUG, ADW_POPUP
75.00%

avast!
Win32:Dropper-gen [Drp], Win32:PUP-gen [PUP], Win32:Malware-gen
75.00%

Trend Micro House Call
TROJ_GEN.F47V1214, TROJ_GEN.F47V0318, TROJ_GEN.R0CBH07CB14, ADW_ADPLUG
62.50%

MicroWorld eScan
Trojan.GenericKD.1608312, Adware.Generic.906744, Trojan.GenericKD.1613141, Gen:Variant.Strictor.54938
62.50%

McAfee
Artemis!74A973CB233C, Artemis!BCFA63EF9F40, Artemis!3A0E111294E9
62.50%

Bitdefender
Trojan.GenericKD.1608312, Adware.Generic.906744, Trojan.GenericKD.1613141, Gen:Variant.Strictor.54938
62.50%

Lavasoft Ad-Aware
Trojan.GenericKD.1608312, Adware.Generic.906744, Trojan.GenericKD.1613141, Gen:Variant.Strictor.54938
62.50%

F-Secure
Trojan.GenericKD.1608312, Adware.Generic.906744, Trojan.GenericKD.1613141, Gen:Variant.Strictor.54938
62.50%

G Data
Trojan.GenericKD.1608312, Adware.Generic.906744, Trojan.GenericKD.1613141, Gen:Variant.Strictor.54938
62.50%

Reason Heuristics
Threat.Win.Reputation.IMP
62.50%

Malwarebytes
Adware.PimpMyWindow
62.50%

VIPRE Antivirus
Adware.Win32.PimpMyWindow, Trojan.Win32.Generic
62.50%

ESET NOD32
Win32/CoresParaSite, Win32/CoresParaSite (variant)
62.50%

AVG
Generic5, Generic_c
62.50%

nProtect
Trojan.GenericKD.1608312, Trojan-Clicker/W32.PimpMyWindow.1381376
50.00%

The domain facecores.com has been seen to resolve to the following 17 IP addresses.

52.206.43.234
ec2-52-206-43-234.compute-1.amazonaws.com
August 18, 2016

52.4.72.137
ec2-52-4-72-137.compute-1.amazonaws.com
August 18, 2016

107.23.198.240
ec2-107-23-198-240.compute-1.amazonaws.com
August 18, 2016

54.236.123.224
ec2-54-236-123-224.compute-1.amazonaws.com
August 18, 2016

54.210.33.190
ec2-54-210-33-190.compute-1.amazonaws.com
August 18, 2016

54.172.219.65
ec2-54-172-219-65.compute-1.amazonaws.com
May 25, 2016

52.20.195.18
ec2-52-20-195-18.compute-1.amazonaws.com
May 25, 2016

52.20.104.240
ec2-52-20-104-240.compute-1.amazonaws.com
May 20, 2016

107.23.195.178
ec2-107-23-195-178.compute-1.amazonaws.com
May 20, 2016

54.152.144.243
ec2-54-152-144-243.compute-1.amazonaws.com
April 16, 2016

52.200.243.123
ec2-52-200-243-123.compute-1.amazonaws.com
April 16, 2016

107.23.42.50
ec2-107-23-42-50.compute-1.amazonaws.com
February 26, 2016

52.73.136.140
ec2-52-73-136-140.compute-1.amazonaws.com
February 26, 2016

52.71.117.99
ec2-52-71-117-99.compute-1.amazonaws.com
February 13, 2016

52.0.96.24
ec2-52-0-96-24.compute-1.amazonaws.com
February 13, 2016

50.63.202.85
ip-50-63-202-85.ip.secureserver.net
April 30, 2014

46.23.73.76
March 14, 2014

File downloads found at URLs served by facecores.com.

2 / 68      (PUP)
http://facecores.com/.../appcoresfacebook.exe  (ca001f5157f6a9eb2d8357302af35a8d)

29 / 68    (PUP)
http://facecores.com/.../appcolor.exe  (bcfa63ef9f40db9facfb8aa526164a6e)

30 / 68    (PUP)
http://facecores.com/.../appcolor.exe  (69538696f61786e98a45683199fbc474)

13 / 68    (PUP)
http://facecores.com/.../appcoresfacebook.exe  (3a0e111294e9f49a56b98cb68dac16f5)

1 / 68      (Malware)
http://facecores.com/appcolor.exe  (efde239d3129d904382866866731c8c4)

31 / 68    (PUP)
http://facecores.com/.../appcolor.exe  (74a973cb233ccef7c252cc06e466ad68)

29 / 68    (PUP)
http://facecores.com/.../appcolor.exe  (7fb498f6e1e8c2784102fa594ca1ca41)

3 / 68      (inconclusive)
http://facecores.com/.../appcoresfacebook.exe  (5b3142afa1ad6a3c4d2bba05a71c27b1)

The following 50 files have been seen to comunicate with facecores.com in live environments.

TCP » 52.206.43.234:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.206.43.234:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.206.43.234:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.206.43.234:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.198.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 107.23.42.50:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 50.63.202.85:80
tunnel.exe (by Microsoft)

TCP » 52.0.96.24:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.0.96.24:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.0.96.24:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.20.104.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.20.104.240:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

TCP » 52.200.243.123:80
kngjfmklipimnkegmcilmbhchklgjgfl.crx

 
Latest 20 of 53 files

February 26, 2016
www.facecores.com

URL:
http://facecores.com/

Google Analytics:
UA-7117339

Title:
“HugeDomains.com - FaceCores.com is for sale (Face Cores)”

Web server:
Microsoft-IIS/8.5 (ASP.NET)

90he.com

albionsecure.com

ambode.com

apheliononline.com

danielsbydesign.com

dapyx.com

ddlnow.com

debsoft.com

delight3d.com

descargarmobogenie.com

dominoesstars.com

ebookily.com

eezpix.com

electronicsengineers.com

fire-soft.com

freeloadz.com

freevideodownloadforpc.com

frmclstr.com

fxvan.com

gimpx.com

hope-media.com

installimesh.com

kamikazewargames.com

lolthai.com

lovetunisia.com

lucidms.com

mooregames.com

mtibia.com

mygameonline.com

orionbroking.com

30 of 50 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.