home

files5.openoffice.fm

Domain Information

Server location:
Texas, United States (US)

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Root domain:
openoffice.fm

Scanner detections:
Detections  (60% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.TomorrowSoftware.GOLDENBANNERS.Bundler (M), PUP.DownloadAdmin.SocialVoicingSolutions.Installer (M), PUP.Tightrope.DownloadAdmin.Bundler (M)
100.00%

Malwarebytes
PUP.Optional.InstallCore
33.33%

avast!
Win32:Malware-gen
33.33%

The domain files5.openoffice.fm has been seen to resolve to the following 4 IP addresses.

50.22.63.140
50.22.63.140-static.reverse.softlayer.com
January 4, 2016

50.22.63.138
50.22.63.138-static.reverse.softlayer.com
January 4, 2016

108.168.160.45
108.168.160.45-static.reverse.softlayer.com
September 7, 2014

50.97.63.217
50.97.63.217-static.reverse.softlayer.com
September 7, 2014

File downloads found at URLs served by files5.openoffice.fm.

1 / 68      (Adware)
http://files5.openoffice.fm/dl?bc=608  (openofficesuite-setup.exe)

0 / 68
http://files5.openoffice.fm/dl?bc=608  (openofficeorg31.msi)

1 / 68      (PUP)
http://files5.openoffice.fm/dl?bc=1193057  (openofficesuite-setup.exe)

3 / 68      (Adware)
http://files5.openoffice.fm/dl?bc=608  (openofficesuite-setup.exe)

0 / 68
http://files5.openoffice.fm/download?bc=608  (openofficesuite-setup.exe)

The following 236 files have been seen to comunicate with files5.openoffice.fm in live environments.

TCP » 50.97.63.217:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.97.63.217:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.97.63.217:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.97.63.217:80
TNT2User.exe (by Eshield)

TCP » 50.97.63.217:80
eshieldtoolbar.exe (by Eshield)

TCP » 50.22.63.138:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.22.63.140:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.97.63.217:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.22.63.140:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.22.63.138:80
update_31.exe (Fast Downloader Media)

TCP » 50.22.63.140:80
windowssoftwareupdater.exe (SoftwareUpdater)

TCP » 50.22.63.138:80
updateadmin.exe

TCP » 50.22.63.138:80
windowssoftwareupdater.exe (SoftwareUpdater)

TCP » 50.22.63.140:80
updateadmin.exe

TCP » 50.22.63.140:80
update_31.exe (Fast Downloader Media)

TCP » 50.22.63.138:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.22.63.138:80
netdownloader.exe

TCP » 50.22.63.140:80
netdownloader.exe

TCP » 50.97.63.217:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.22.63.140:80
update_14.exe (Fast Downloader Media)

 
Latest 20 of 319 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.