home

www.cleantownapp.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
cleantownapp.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Bibado.BibadoInvestments.Bundler (M), PUP.Bibado.BibadoIn.Bundler (M)
100.00%

The domain www.cleantownapp.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 19, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 19, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 20, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 20, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 20, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 8, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 8, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 8, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 8, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 8, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 8, 2016

File downloads found at URLs served by www.cleantownapp.com.

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=OklGgr1vJQVID2 WiiWVSspzE3KXiZUxHO2ctzOMRf8=&c=p 8DS8mSpKE515GPvGLLC6AET0jCKZ3EGwE0AkqbkcNG6sQLCMQP2PJ0UTRdnKzRwzb0eJZzh6GXci1dGIDZWCuZgMkvHcVHj0K1n2Whey5sfm1AjoMdR8hPY0soRKSP&downloadAs=microsoft-office-2010.exe&fallback_url=http://pf.benjaminstrahs.com/s/1456006101/en/8/.../83929-92631-microsoft-office-2010.exe  (bf3a610d234276c7f2f971d506cd178f)

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=ocw3CNo5AFxhZkpYxw68GxEBiHa8VxOT1Ig7EZwTcYc=&c=IL/RCMmkUWUmVxrf3YM38YgUsr59JDgE9KZOXRmoThGDRC0KjynYprUyPcpRR7fNb5Ad/a3Sn23pvgoX49Kqz5keLpEXw6c5e3dZNAV4LGH7qa5GZJob6p4L/2Zw YRt&downloadAs=microsoft-office-2010-professional.exe&fallback_url=http://pf.benjaminstrahs.com/s/1456008401/es/8/.../84962-1797817-microsoft-office-2010-professional.exe  (2c6e8558a922ecad714074e535a8c34a)

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=wxSFviuUeiUYbEr/GGOYB9tKPmIzd5c/SDS5gs9TbjY=&c= J SMbqhAhu7DKpw0lr60B2Cn14ClARs2vcd3iEEvoVQbzFxdJcNfZFMF3MA1pDYupitLfh7j2gVvYU4VJeSiGvJXdv 4hclh7Rd4iX9tiZZ6qupZpP21NLIOrqq8TFQ&downloadAs=hotspot-shield-5.1.8.exe&fallback_url=http://mydati.com//download/.../HSS-773.exe  (beeb8244ef29bcd006bc5fc7dc840d08)

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=eR v0rlAYZuvXmKueiHKMZdinN4mpEe ZWnG0XFJxQk=&c=sikllTYY6xePlqtnw/xdu9fJbxoRk9BQmfEB5g3sguJrG95ZlQFx2uQjpXBqWqGBlOnTIDNeABp3qSEKjVRxR8yjyjaCPhxRHicY1ssbfXpdRME9VAFJh3mssRIHQvBf&downloadAs=hotspot-shield-5.1.8.exe&fallback_url=http://mydati.com//download/.../HSS-773.exe  (beeb8244ef29bcd006bc5fc7dc840d08)

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=wf8bfwdJODW8Fe3NqRc7e1efBWRaGlfQ Als9biCJmI=&c=7bUE5R4dLUFCoSQ2o6eMN6rv082cPHXdaiHxLww78yax4Iy3OkQ2AM/Vu4RDWmBn8gWDI4HV1E dbl0MKyl1S6phEMqxBpOfCy/zJ CbI9q44bx6mo3Qu/NeEVFHvwRt&downloadAs=left-4-dead-2-full-version.exe&fallback_url=http://pf.benjaminstrahs.com/s/1456005798/en/.../2/229399-1793899-left-4-dead-2.exe  (7113c2270747279f7ea831ce90d59cdd)

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=NwVKBqUDBXk3nJZoPuDnEzwQ7PurwqjbAoTh1zIwI30=&c=pWkT42zg5mu8pkqF8mC21DihlP0Z1229yK/FswSqElZThMf6CjFzG8cehLQS2Czh7UqwJMJZULa7LWmTTRqVJCkAcAhAg9mInVFutKKQm/Cj6Oa3JasFcKIfClCao9Rk&downloadAs=need-for-speed-underground-2.exe&fallback_url=http://pf.benjaminstrahs.com/s/1456004688/fr/.../2/225569-1800110-need-for-speed-underground-2.exe  (172e7aa08fffa4bd27072de50cd32435)

1 / 68      (Adware)
http://www.cleantownapp.com/c?x=KrREqRdQ/0bhvO/ogXuF0AqreFTiELhSqiZvRiXwop8=&c=xOpGmIl/oKgRueFfDGIIlNXrHEENzLNIlep0clIpK/AtCG5CJXOerB9flC3cdY4ZnK9Nw6/Xvr49KaTxvl49fwij1khsahkye0jjMQgHn5JfmUVVLzHMrpd AAeHrVvA&downloadAs=microsoft-office-2010.exe&fallback_url=http://pf.benjaminstrahs.com/s/1456004622/en/8/.../83929-92631-microsoft-office-2010.exe  (a8df249ebaae5bbd17b59ddc07fbe3e9)

The following 6 files have been seen to comunicate with www.cleantownapp.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.