» www.citybitscontent.com
Overview
Analysis
IPs Addresses (16)
Downloads (9)
Network (13)

www.citybitscontent.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

citybitscontent.com

Scanner detections:

Detections (89% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallCore.FC.Installer (M), PUP.InstallCore.RE11 (M)

100.00%

The domain www.citybitscontent.com has been seen to resolve to the following 16 IP addresses.

ec2-52-41-114-34.us-west-2.compute.amazonaws.com

June 25, 2016

ec2-52-33-165-25.us-west-2.compute.amazonaws.com

June 25, 2016

ec2-52-33-46-229.us-west-2.compute.amazonaws.com

June 25, 2016

ec2-52-32-12-104.us-west-2.compute.amazonaws.com

June 25, 2016

ec2-54-149-195-20.us-west-2.compute.amazonaws.com

June 25, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 19, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 19, 2016

ec2-52-34-170-106.us-west-2.compute.amazonaws.com

April 19, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-52-35-10-15.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-52-26-95-11.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-52-25-23-136.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-54-191-37-5.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

April 17, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

April 17, 2016

File downloads found at URLs served by www.citybitscontent.com.

0 / 68

http://www.citybitscontent.com/WVl6OTRQVE54TkhaaGNESTRTelJ1V2tadVFtSnNjaVV5UmxOVVJuZzRWa1ZKUlRCeFNuQTJUa0ZHZDI0eU5YQlpaeVV6UkNaalBUQjZRU1V5UWxaYVptMUJSa0ZPUkRoSk5VUmFWMFZuYVU5SFRHSm5NMWgwZW14RVdrOUZKVEpDWVVaNlRtTlJUVFpxVmpneFZWWmxUSEUzUzFnME9FRnFOV3AwYVRkUlExVjFjRUV5TTBoR2IwZEpNR1FsTWtZd1ZWRmtVMmxvUjI5MmNUZHRTVlJsWmxabllUaDZjMFJIYkhoWk4xQkNUMDFvV0VOMFFXbHFRblptZDBscEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbVpHOTNibXh2WVdRdWJXbGpjbTl6YjJaMExtTnZiU1V5Wm1SdmQyNXNiMkZrSlRKbVpTVXlabUVsTW1ZNUpUSm1aV0U1TVROak9HSXROVEZoTnkwME1XSTNMVGcyT1RjdE9XWXdaREJoTnpJM05HRmhKVEptUlhoalpXeFdhV1YzWlhJdVpYaGxKbVJ2ZDI1c2IyRmtRWE05UlhoalpXd3RWbWxsZDJWeUxURXlNakF4TFdSd0xtVjRaUT09 (excel-viewer-12201-dp.zip)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=mbC9Vc3pwmixQp6giBenCqenioWVtfM2NOOTDouepJA=&c=8UNiQFkCaf9OZjCXavQ9e0xfoxU3PMoadtx7r0FcHPUBEdmh4ShaloYdB3XQok/t8EpV4o0se 5WOuGX8SDTaYDm0w6x2Gk2Ks25biKh3P91twOn5KGFlRv1TJRKCXJ2&fallback_url=http://storage.dobreprogramy.pl/.../spring_publisher5.msi&downloadAs=SpringPublisher-33856-dp.exe (0b01b4e683a76cc9489e6039cd1f0282)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=vP72 jJMc7WFgl78X2fgIF2Ik6AInFEitAQ192uj bo=&c=ke0o1/apxrTZ9oveDLhFxKaUv NxpGUUUGGCRX3GBh Lp3 lgbz8YDavhujGsa7o3w8MASdHTLUZGMYtos7vHxDS0ztDtRlal3/kWSVulY/4Q9FsQE/1Ay02GBDK0D4r&fallback_url=http://www.posteriza.com/es/.../posteriza_install.exe&downloadAs=Posteriza-42719-dp.exe (a63cdf695b26f85cb8873e4d5a74489f)

1 / 68 (PUP)

http://www.citybitscontent.com/c?x=V4O4Pk49jWY25bXrCbGZ2vhgPzPNRZ9yGq ozKao5uA=&c=TMG6hY7e/5XoOafvrFy5Bhw4sH8iGIN6DbU2UnpB0VM5r8jcPOEAOceSRziXm7B0sI1xu2N1lSW5H17mANCDmMiw3XEijhhysELDi2dh 6Gtw1YulIN7iJXrMD4f9bxS&fallback_url=http://programer.internetdsl.pl/.../faktura_s.exe&downloadAs=Faktura-13080-dp.exe (d1dacd8a01a5cfe16cba01734554d30f)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=gMBkExKFol25wgZ59HqRRo78s9l0PpTr40zMY2bj7dw=&c=hzYaz2swIoi/uOYXE58 WK3I/WPem2qmG3xxYekxkVv7bRb3D4u9ChiBVGXpgPMKFrUXTTyrotqHoiT08CYHMj8cjGWYWZiHpmOKX/84 PnV c7cRSLbI94pfz8thL n&fallback_url=https://ftp.mozilla.org/pub/firefox/releases/45.0/win64/.../Firefox Setup 45.0.exe&downloadAs=Firefox-13108-dp.exe (6d36310eba4452042e1160d9ba1e0219)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=muBmV4q5yWYLdHLjeiE6tcj9 q2hs6c8cFuwJEip nQ=&c=h0nqHV/nv7A3sjAItxp8gwRfyPpdxMEdTXsOXoYfBw2DS1WXRVpGulobZLQc3/xogWvvgxtdHKFwspfDpE169H8SMVuYWAm62IXBvsu97bi7iE/fQPtUpPJHklSRcW6e&fallback_url=http://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/.../AcroRdrDC1500720033_pl_PL.exe&downloadAs=Adobe-Acrobat-Reader-DC-62180-dp.exe (cec8ca4bb98a863bc681d6e846fa04e9)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=aVYOqCmLj LWGNuJqgtQqmjeudVAeNnaApr3g1bu1kA=&c=KQnmidXq84LruRsmn2mdDCeuoMPMv/8RfDxZH/rUUS5APt8KofwpdBM0Y65WYYhunQp3u1vZ1PgcPLUVSPz91/f02fBXg31bPRDGNAM5vfi2j06eLZ6 os7gtgcvp/X7&fallback_url=https://ftp.mozilla.org/pub/firefox/releases/45.0/win64/.../Firefox Setup 45.0.exe&downloadAs=Firefox-13108-dp.exe (678d3fc11676f1e0a221a049fdcffe5c)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=knyGGrtWQsolo6CzYM/AxnNPzTk47P2Gqx76A1lPUN8=&c=7h1JMhihiBiv7Tzoz5RT37YqUAv3z4uoGs0dSNc PRRY7ZoesQLwk7A73Jf9IB5qRSBA7DaRF/VB3oOF 75HCF6Di7ZbH0DIp055/gwH9VKmwG7XzBazLq8onra2PISc&fallback_url=http://fpdownload.adobe.com/get/flashplayer/pdc/.../install_flash_player.exe&downloadAs=Adobe-Flash-Player-13091-dp.exe (faeec54a77dd5f635fff25a75809f3f3)

1 / 68 (Adware)

http://www.citybitscontent.com/c?x=o8d/8ZPLJ9fr Fl8q4U2Nagi61U5u447XaexXZttDyg=&c=79hNLExb44I spVVRYm30AJuEGAQs1bUSYNNfyeduAw3tI/RBntaRb4us1259PatIQCTnTBx YQOVWRZlOzpOsODI6BVZV1D3DuO3fhSCbapm6UtGQW1gkpMzdo JxaH&fallback_url=http://www.catzilla.com/jdownloads/.../Catzilla.exe&downloadAs=Catzilla-38789-dp.exe (54455ab9bb9c6ee3d77ef5ec7644fd36)

The following 13 files have been seen to comunicate with www.citybitscontent.com in live environments.

TCP » 52.33.46.229:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.33.46.229:80

citrio.exe (Citrio by CatalinaGroup)

TCP » 52.33.46.229:80

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80

ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80

browserair.exe (BrowserAir by Goobzo)

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.