home

www.filestourcity.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
filestourcity.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), PUP.installCore (M), PUP.Bundler.MB, Adware.Bundler (M)
83.33%

Dr.Web
Trojan.Swizzor.19586, Win32.Sector.30, Trojan.InstallCore.1681
50.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Symmi.59817, Win32.Sality
33.33%

McAfee
Trojan.RDN/Generic.dx, Artemis!0FD3D2207301
33.33%

VIPRE Antivirus
Threat.4721115, Threat.4150696
33.33%

ESET NOD32
Win32/Sality.NBA virus, Win32/InstallCore.AFN.gen potentially unwanted application
33.33%

Microsoft Security Essentials
Threat.Undefined
16.67%

F-Prot
W32/Sality.gen2
16.67%

avast!
Win32:SaliCode
16.67%

AVG
Win32/Sality
16.67%

Kaspersky
Virus.Win32.Sality
16.67%

Norman
Win32.Sality.3
16.67%

Sophos
Virus 'Mal/Sality-D'
16.67%

Malwarebytes
PUP.Optional.InstallCore
16.67%

Avira AntiVirus
PUA/InstallCore.613319
16.67%

The domain www.filestourcity.com has been seen to resolve to the following 34 IP addresses.

54.230.102.171
server-54-230-102-171.iad2.r.cloudfront.net
April 15, 2016

54.230.102.151
server-54-230-102-151.iad2.r.cloudfront.net
April 15, 2016

54.230.102.128
server-54-230-102-128.iad2.r.cloudfront.net
April 15, 2016

54.230.102.96
server-54-230-102-96.iad2.r.cloudfront.net
April 15, 2016

54.230.102.95
server-54-230-102-95.iad2.r.cloudfront.net
April 15, 2016

54.230.102.226
server-54-230-102-226.iad2.r.cloudfront.net
April 15, 2016

54.230.102.201
server-54-230-102-201.iad2.r.cloudfront.net
April 15, 2016

54.230.102.197
server-54-230-102-197.iad2.r.cloudfront.net
April 15, 2016

52.85.131.138
server-52-85-131-138.iad53.r.cloudfront.net
April 14, 2016

52.85.131.127
server-52-85-131-127.iad53.r.cloudfront.net
April 14, 2016

52.85.131.43
server-52-85-131-43.iad53.r.cloudfront.net
April 14, 2016

52.85.131.37
server-52-85-131-37.iad53.r.cloudfront.net
April 14, 2016

52.85.131.232
server-52-85-131-232.iad53.r.cloudfront.net
April 14, 2016

52.85.131.211
server-52-85-131-211.iad53.r.cloudfront.net
April 14, 2016

52.85.131.178
server-52-85-131-178.iad53.r.cloudfront.net
April 14, 2016

52.85.131.148
server-52-85-131-148.iad53.r.cloudfront.net
April 14, 2016

52.85.142.89
server-52-85-142-89.iad12.r.cloudfront.net
April 5, 2016

52.85.142.73
server-52-85-142-73.iad12.r.cloudfront.net
April 5, 2016

52.85.142.242
server-52-85-142-242.iad12.r.cloudfront.net
April 5, 2016

52.85.142.162
server-52-85-142-162.iad12.r.cloudfront.net
April 5, 2016

52.85.142.127
server-52-85-142-127.iad12.r.cloudfront.net
April 5, 2016

52.85.142.119
server-52-85-142-119.iad12.r.cloudfront.net
April 5, 2016

52.85.142.96
server-52-85-142-96.iad12.r.cloudfront.net
April 5, 2016

52.85.142.91
server-52-85-142-91.iad12.r.cloudfront.net
April 5, 2016

54.192.195.82
server-54-192-195-82.iad53.r.cloudfront.net
March 2, 2016

54.192.195.200
server-54-192-195-200.iad53.r.cloudfront.net
March 2, 2016

54.192.195.197
server-54-192-195-197.iad53.r.cloudfront.net
February 27, 2016

54.192.195.194
server-54-192-195-194.iad53.r.cloudfront.net
February 27, 2016

54.192.195.152
server-54-192-195-152.iad53.r.cloudfront.net
February 27, 2016

54.192.195.149
server-54-192-195-149.iad53.r.cloudfront.net
February 27, 2016

 
Showing 30 of 34 IP Addresses

File downloads found at URLs served by www.filestourcity.com.

1 / 68      (PUP)
http://www.filestourcity.com/.../installer.exe  (installer_2.exe)

3 / 68      (PUP)
http://www.filestourcity.com/.../installer.exe  (installer.exe.torchdownload)

10 / 68    (PUP)
http://www.filestourcity.com/.../installer.exe  (0fd3d2207301676339aaa81e7fd86f3c)

1 / 68      (PUP)
http://www.filestourcity.com/.../installer.exe  (367b125e1c93807b9a226bde1fd9b91d)

12 / 68    (Infected)
http://www.filestourcity.com/.../installer.exe  (b99fd09405cc8daf1237ec91a3b63992)

3 / 68      (PUP)
http://www.filestourcity.com/.../installer.exe  (954c020786349fcd7e00be92dde468d9)

The following 12 files have been seen to comunicate with www.filestourcity.com in live environments.

TCP » 54.192.195.197:443
online-guardian-v2.0.9.exe

TCP » 52.85.131.148:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.197:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.127:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.89:80
browser.exe (Browser)

TCP » 52.85.142.96:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.96:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.192.195.197:443
onlineguardian-v2.exe

TCP » 52.85.142.119:443
onlineguardian-v2.exe

TCP » 52.85.142.119:80
Client.exe

TCP » 52.85.142.96:443
whatsapptime.exe

TCP » 52.85.142.242:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.91:443
nw.exe

TCP » 52.85.142.96:443
safeguardapp.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.