» www.centertodaytower.com
Overview
Analysis
IPs Addresses (17)
Downloads (10)
Network (36)

www.centertodaytower.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

centertodaytower.com

Scanner detections:

Detections (83% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallCore.Installer.Installer (M)

83.33%

Microsoft Security Essentials

Worm:Win32/NeksMiner.A

16.67%

F-Secure

Application:W32/Generic.70053c248f!Online

16.67%

The domain www.centertodaytower.com has been seen to resolve to the following 17 IP addresses.

ec2-54-148-183-210.us-west-2.compute.amazonaws.com

August 29, 2016

ec2-52-41-114-34.us-west-2.compute.amazonaws.com

August 29, 2016

ec2-52-38-209-219.us-west-2.compute.amazonaws.com

August 29, 2016

ec2-52-36-112-186.us-west-2.compute.amazonaws.com

August 29, 2016

ec2-52-33-46-229.us-west-2.compute.amazonaws.com

August 29, 2016

ec2-54-200-224-121.us-west-2.compute.amazonaws.com

August 29, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-26-95-11.us-west-2.compute.amazonaws.com

April 20, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

April 20, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

April 20, 2016

ec2-54-191-37-5.us-west-2.compute.amazonaws.com

April 13, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

April 13, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

April 13, 2016

ec2-52-35-10-15.us-west-2.compute.amazonaws.com

April 13, 2016

ec2-52-34-170-106.us-west-2.compute.amazonaws.com

April 13, 2016

ec2-52-25-23-136.us-west-2.compute.amazonaws.com

April 13, 2016

File downloads found at URLs served by www.centertodaytower.com.

2 / 68 (false positives)

http://www.centertodaytower.com/c?x=JVyv//J/fyN5FIijOFLin5WbarmuSv2QVaC6MiLKKy4=&c=fczoJAbF3opKiTTNTGOGuHxiafcH8sFWtjNs2se9dNQ11kQ96Wp Zk059ejl40sYkLzlX7RaH8k98lnpi2JiRoz7UPGlp2eeJ7jQEdOir91G98oF0w6vmQBROM8uzJ46&fallback_url=http://office.microsoft.com/pl-pl/.../bezpatna-wersja-probna-produkty-microsoft-office-i-office-365-FX102858196.aspx&downloadAs=installer_Microsoft_PowerPoint_sciagnij.exe (wrar420.exe)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=ILF0mrZRt2lKsX6Pt6HJ7QYNvuZsk5azoDVBSrrCjvs=&c=KO01mTCtX7koHFtLxb4myXH5daS93LHTyBktJX3k3R YYIEJ/Q9pDS6uTUTO6h23gaSgIdvg/qTufLbXtu23LQGNycmdr t9B3XCYKaz4/44vO1FKHk0o6f4Fdbe3efV&fallback_url=http://office.microsoft.com/pl-pl/.../bezpatna-wersja-probna-produkty-microsoft-office-i-office-365-FX102858196.aspx&downloadAs=installer_Microsoft_Word_sciagnij.exe (3da465177c8909b12eff85ef6b5e5600)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=aUD/Utrn5qM1JLkXZ0aD6A IRyxsK6iMq6ser71N4XI=&c=Gtq6lxhJGq/buov4sZj/9Ha1RsbhgoeqNUrd3LaPIZZe3mTefBUPE0FtcI4SMrDa9gJHFlonDWquZVjktq0CZI8 qiHAZHhFac3zuSl18Sa2NwAGEpZH4YFnYa5xbXP1&fallback_url=http://office.microsoft.com/pl-pl/.../bezpatna-wersja-probna-produkty-microsoft-office-i-office-365-FX102858196.aspx&downloadAs=installer_Microsoft_PowerPoint_sciagnij.exe (icreinstall_installer_microsoft_powerpoint_sciagnij.exe)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=sAARVyX1NwHqp0pu0CloZMLq5hIj7YxqEHfIarGuoOU=&c=XrIatpIu0aRVl80cQEXU0neSbYZlyQi74NOOAPgdBjAsSjwBaBwT1Mgg9a0Mm/uU5sgc0IOSfLIkYM4pdvoxXeWFJkoxtSIkDcw5SYQOc7nk56Vz0QuNJUODfPh/R9 W&fallback_url=http://bi.sciagnij.pl/0/.../zyczu-mc.zip&downloadAs=installer_Minecraft_Launcher_by_Zyczu_sciagnij.exe (62acefc2d4bb16747b166dd23f8244de)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=CF8/ as6/DYqO2SIJed4Lo2iyVDudLqg7tYoVKLnMjc=&c=n57zz6xVmp9JECOM31/WdsLYjjKa2M9UMxGfayuKM6XcBofGLLMq056tf B9O/ozEN7HyOHRH3jy bIGrgYG7YlKsHwZeHL7qwKaKMHXItqFO27iqRQZE1Kb6Z6XM7zo&fallback_url=http://office.microsoft.com/pl-pl/.../bezpatna-wersja-probna-produkty-microsoft-office-i-office-365-FX102858196.aspx&downloadAs=installer_Microsoft_Word_sciagnij.exe (3da465177c8909b12eff85ef6b5e5600)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=1xidNhsicqBMpj yf5Y4UXUSpcrvve4zze1CNZw/7sk=&c=gK4wStU8mCwivjf6eRwcdx PCKf7/qFNyQg8N6I FzyU/fC/ARAXoQmBWKkQ8fG7xuqpr/Bi4St4hbApt/zCK6WL8U5zxJI0MU31fz OR7saw1W7fLRcZRiXnSFFShur&fallback_url=http://office.microsoft.com/pl-pl/.../bezpatna-wersja-probna-produkty-microsoft-office-i-office-365-FX102858196.aspx&downloadAs=installer_Microsoft_Word_sciagnij.exe (3da465177c8909b12eff85ef6b5e5600)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=nx0jQTeRvS89j/IIi/fNjuM2DH3aPxeJt/OP8z z7xs=&c=2r34aumyl9jXzIq6UUNvqrSaczM9luaI6j691nAU0N1q9l/24RSwn7TH2kFMT6XKyD4P1yg/zOmWNPt7dDRsQSQpzYzbHfZqOsMFOx54/aw0O0N6oQWP7iKHdoEgeIHb&fallback_url=http://office.microsoft.com/pl-pl/.../bezpatna-wersja-probna-produkty-microsoft-office-i-office-365-FX102858196.aspx&downloadAs=installer_Microsoft_Word_sciagnij.exe (3da465177c8909b12eff85ef6b5e5600)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x= GFJyhCVcgXYxNKKmGUtHLZH88Ea4qA/5bgsEJ3of/Y=&c=O2Ryq9yRv8kc3jmy7IaJfX9cRzQwKljXHAFADVySKyBWZ7NontXc1/1g51zK/ItbrysfxUVsZE56I2szPfPpPcQzfpCzXxncgTbxNbwq3JxjBF0KznUGPQjRegutCFDe&fallback_url=http://bi.sciagnij.pl/0/.../ChromeSetup64bit.exe&downloadAs=installer_Google_Chrome_sciagnij.exe (icreinstall_installer_google_chrome_sciagnij.exe)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=PedEV0KJlRHHjI/YMhCu4eq4mG1y2ADO8F6w57fbZw4=&c=pUd3L Qpo8Dbnvw KjsOslky85CjQykKshkXsDZiTVoRwd9eek8Qqtn/Od7/bNvcJzhNQCJb4FOez4nk1GexrSg0Nxp7jf6RxtlJrSnvOU3W4Ta7m/6yrYR26XQCGqbW&fallback_url=http://bi.sciagnij.pl/0/.../aresregular238_installer.exe&downloadAs=installer_Ares_sciagnij.exe (icreinstall_installer_ares_sciagnij.exe)

1 / 68 (Adware)

http://www.centertodaytower.com/c?x=Ra659ro/ay/3Q9v9 9jf5Y q 6JnsnlFtPAzCvcKG7k=&c=TBAZXW6p2RUDBqTUGuXs 2Ra4nGFsILR56laNN7ImTE5E0Tb8JY8OZVyUnRgLIzKEeF5AhR5ERiPNNf9wH7Od5sfS6ESDH EpotbJEO7cxpZ8GVBjdYXPo12P69TIS3q&fallback_url=http://bi.sciagnij.pl/0/.../zyczu-mc.zip&downloadAs=installer_Minecraft_Launcher_by_Zyczu_sciagnij.exe (62acefc2d4bb16747b166dd23f8244de)

The following 36 files have been seen to comunicate with www.centertodaytower.com in live environments.

TCP » 52.38.209.219:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80

browser.exe (Browser)

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80

kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80

browser.exe (Browser)

TCP » 52.33.46.229:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80

ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80

browser.exe (Browser)

TCP » 52.33.46.229:80

TCP » 54.200.224.121:80

kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80

ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.