» www.cleantourapplications.com
Overview
Analysis
IPs Addresses (11)
Downloads (18)
Network (6)

www.cleantourapplications.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

cleantourapplications.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.installCore.MICROMAXSTUDIO.Installer (M), PUP.installCore.MICROMAX.Installer (M)

100.00%

The domain www.cleantourapplications.com has been seen to resolve to the following 11 IP addresses.

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

April 18, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

April 18, 2016

ec2-52-26-95-11.us-west-2.compute.amazonaws.com

April 18, 2016

ec2-52-34-170-106.us-west-2.compute.amazonaws.com

April 10, 2016

ec2-52-25-23-136.us-west-2.compute.amazonaws.com

April 10, 2016

ec2-54-191-37-5.us-west-2.compute.amazonaws.com

April 10, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

April 10, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

April 10, 2016

ec2-52-35-10-15.us-west-2.compute.amazonaws.com

April 10, 2016

File downloads found at URLs served by www.cleantourapplications.com.

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=1TIUzFo1APyy/bpdqYFf/juzEmXM6toSkdCWGVYWe6U=&c=AmC OeZTz8sXeqOsSOrXtAwuEkob YvaZKli4KQw7V3E2 SYfhRiWsxKAERj/acHiTTOyyH1k7fXWPPmZyQdMo7yJLBZBzZV5BOR/okFNbTa5zvXpmVO7bczdgesa2r6&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=8puyt4ASoTEa0ts7Nlb4Aa0R4TpjSaX5Moc3NIjoVRk=&c=pua7DtlOOU4IMy1qUueP6QxuNwCFDG0twdGVQ9DdV9x2ytxxx9Uwt06Xs8Cm4E5pU gE Kj00SEET7YQQsW/0wmIzORy6T9KTRSdxWRZu0Ym4S/6DetIk1r8bHKEodiN&fallback_url=http://res.prograbay.com/.../install_flashplayer11x32_mssd_aih_other.exe (ed6b2c9ba1e9ed992e260149ceccb800)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=CWs6E37kjfcBcim WOQgyxMK4tVUPIYBOhYtVh0sVhE=&c= 4LJVIzqHYUXRfNi smEzIaPXonMkDMjyYnjINV42bd7NrF44QSCNF5CdekCj3U772sszEKM4j72XyCc3YixDX9uC8inBBfxwhZdihPwcioXZCVmLjp5tlGGsRnCKwt9&fallback_url=http://res.futboldwnld.com/.../SopCast-3.5.0.exe (icreinstall_sopcast-3.5.0.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=scyLQTJrZakXp71VjGuPf5y9UF8HtJOExlAeF1kYCn4=&c=0UpG1UjBLQjXATmbD1sl3El68BuihF74thnVjh6v2OCzZcazzIYdSIGiKHTPdEJFoOR2Uiyotm5ITXkwgY2ehJKjhZYi1VSW7BfNi BZqpOXW6MN48NH3csESqGi0c72U0dJ97foCH61REyUOq4oA5Y6MhjPs/NKS1zSX6rEWaXh1JdQuWvKdlxGOpRmO21w&fallback_url=http://res.hufftos.com/.../install_flashplayer11x32_mssd_aih_other.exe (setup.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=86Dqorc2uli4doe4mqHidmYUtd6x2G2Io1cCwX6kqHc=&c=7yi9gAHUuVZwGyqxl qXqtBnK3OL6N9Gs0xSSAHsZVud78wTJSSobI6FmZlKt/NnBIxKNvOZOxMfjeFFW7/e1irPI X8tEDPxOgQ3qCAvi3FErx8yBEnFwO8LqVAfnMp&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=NwCFy8L8CQQ8xMI CRbzWEZW5GDYy1zOKQABbFqsjCA=&c=3/1Ra KwlGTY/YYYHlCO1aGOopFHYkr95HLhER4NhyUJisKke/xEPbsxp22eakDAfqJHmHyatppeqgN35ZybtOR1vSkiEGngkVDc6cVMNtl1APhrvTtZwDzzd6oGqRqy&fallback_url=http://res.hufftos.com/.../ChromeSetup_fr.exe (8092e80b7335c65ebf2c84914b4e60b3)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=BPkEWDtl0WxKKzC6DUA UpPWoC1tUTff5PGGZLFH0dI=&c=l2iICPQV5YAeiygNwNPznmemHB22jKQmXxM6QCRlITbMmZClTRqz5eg4EkGlZej/MM2hS2/3s879dmbLee2NLK ysIn TP0/oC0qEAuBQdAsJCOSNfHdACpd5gPw0K7q&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=GMAwDQDbvuHQZo/hM7rQ90ZogUtwXRetIX0WqqRQPoE=&c=4E9g4H1PDc0HFQC7y98b42l7p6QZTXVBC9YHS3RRY8DrocQ0v c4OnqgfTwjtArsnzjVhTXjmbKctJ6PFTpLujv2XYLPKb9PxYNNvIk5bhkJ8m9SFZsymWGF9ITeeJq/5zBwumOpBUBve890dDLfm8J4 bcKGBepvI/n0NC9E8/i4JENE0DzzypXq/TH9AFv&fallback_url=http://res.hufftos.com/.../install_flashplayer11x32_mssd_aih_other.exe (setup.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=re8VFMzV1atvE51AWZ1hwPzlPCkQgtZSwHBdsX8XPEo=&c=g9WNqWDVHcjJuyQCgMLLlSLNVfNVN2gq3TT0trOuG/nl1LiK5u85QwqXdnXh7sH9r1bzQh1WYBkvtXv6E3Ab43V7IQwna6kGa8qkyf5D87sBPZOCJbBZFKi8dp1kb7Sc&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (2f2bc2548d18b12cde65f9f6ab05ca87)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=uxb44Xtg9hV1qktyhXil/K yr75jqa K4jh 86h38Os=&c=pA5BuX8fEB/PaNpIUy26i QdnVxI H4knaZX4Be1wktddRfknBQSCY6aQ0N8OyaqgMfUXB5W1gLrotzClcn15beq0k7EPIfiYaZYCq6disMYOGWzca4A6GBz6AfkDy/6&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=TXTSmXGhFzH6pBoHOLEOcpZUmFZQjQyrtYLR9zxgE2Y=&c=zjqoy2YJHaJ4sYx1dMRhFshCRVIgo25HU0YnzyTA/q6CoBpaUyKGfyp5B82c5JJzqmsK06ZBdYmFr8QADxolfU4it/Syz1PpadH9IBHqr1L2dJnh1S0weKIyFTmFj7Lt&fallback_url=http://res.mshist.com/.../LeagueofLegends_EUW_Installer_9_15_2014.exe (e74701fc87476d09ea29e6c787dfac94)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=IZ8MkyS98DrfRt VcmC5M2ZLrpAirtZvFt1S4YaJoM=&c=r2ll1Y3Rfq720bxDmR27oa63HZPgTV9NR8RE2AQT4rW9VF6Z29WbEGa46cV hQbus2fWsBsUDuu4JJeo7Y4XsWomu2EOlRgRwwj0CblPWfo35Nt3okFZmuBtx0rVuSDv&fallback_url=http://res.mshist.com/.../CandyCrushSaga.exe (47796d8aba98a91ea0c8d04394b83cd8)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=aW4yCKTT2diObDHuOzeHXy5KNvbgPprazBKonOw1PfI=&c=m5A7tKxHowRuCAhMeYvxFeB1LSWXlz/zn 0xtYs9FkhF9UYGsUXdJgeLBhrQXZFPQ10JsZJcsajwvgnMmyogv0Hy FX6WbDfOp9zoXrZcQQlQcgonKPmHTMriq nBQ3R&downloadAs=skype.exe&fallback_url=http://res.prograbay.com/.../SkypeSetupFull.msi (eac0d7bf39be3ccade6e974252edc76b)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=9UpurhC54rANhoj3NvE86bXfXVGPKolGkWeeLOZhDck=&c=m3Zeht/QoPn JqKhmn3r8uyRDUARbFE4MS0YYlyS0nicSIMc O1GWIoapbvh28smZa0WNETW/oEThlTKBHuupaX6M3vn0hm40fC2/KRAqpHhWm2S00WbEsx PR3QQXJi&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=mVTzESOqHX9IxUrm9r4wy2 TBy1XfmpDvhxiFczuKCY=&c=C1sKSveUcpBYmqfpPMgHNREB6d9pQ9F0HJjDRIkO2oX2/7CNZ7Ms fbthn4AAhKl3582nmysvUHbmpPH3y yWz5oFeE9p3VvT0DHVdT3Qkdgey7UZo2QYcsWwAem3LtBk7uxs2vOjT3uCZxnPKeBlXb3AWP9IPifhoXyXoMj3I7i46dSQcOpc8EMa2I5e5bn&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe (33470fa49941257d395cc71f6edb4297)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=i5Szy3jw6weeVlfcFbSAkbORTar2LNq UMbYwmyB88w=&c=Zxnnab77QwclGIsPfxDO3uPGqYIH2QQkQj0gjcmZuxoi20uXyy v03BSLE7SWq2pofgGgJLoJdid1 EHSgVhMurFhI5yHHiytsQlF22k5B1GAkQAS9IC6d6JcLB15evM&fallback_url=http://res.hufftos.com/.../Firefox_Setup_21.0_fr.exe (icreinstall_firefox_setup_21.0_fr.exe)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=f47ngJshczaRpBnqsT0CotsIWJeUFli GcNN/gFCy/c=&c=jqty0aCsib gliKNJ917JyUZaeOTnNrHv3gTS8 sPygUAsDtB0VRvbcWiHyEEJaP4/UBTRe ux8R WeYXGTASa9b07B9SV1S97Q33aVMrVotYzg33XeSx0ceLkptIhen&fallback_url=http://res.hufftos.com/.../install_virtualdj_home_v7.0.5.exe (1b27292b58d7599befc36c104c54b663)

1 / 68 (PUP)

http://www.cleantourapplications.com/c?x=6OfXlZxK1w1RMOLXw9H26am6XF6aNw8JPnCBOf/LqKg=&c=Wi3CipVPrB4vntXP9ghkxO8Ui4yPG5IwTVUncCrgQ40uRQgmKuDKjyTuYW2ww/SWOQInZIFI5n5Hw9XH8/rSBpbBaSE1lgDcVlrztHi1YQP 8X5GmhTWveuul3nZya7aL9frJrnG 3qXxdr98V2i5eJTS6vnRiSikVDVNd5ytLucqGiKz63tMGqfOuixdRO6&fallback_url=http://res.mshist.com/.../CandyCrushSaga.exe (86074bc8379eaaa9de57315aa8756ae7)

The following 6 files have been seen to comunicate with www.cleantourapplications.com in live environments.

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.