home

www.towersapplicationnow.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
towersapplicationnow.com

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.AEO.gen potentially unwanted application, Win32/InstallCore.ACY.gen potentially unwanted application, Win32/Sality.NBA virus
100.00%

Dr.Web
Trojan.InstallCore.1683, Trojan.InstallCore.978, Win32.Sector.30
85.71%

avast!
Win32:Malware-gen, Win32:SaliCode
71.43%

McAfee
Artemis!05BA2C8937AA, Artemis!0756591F5975, Trojan.Artemis!05BA2C8937AA
57.14%

F-Prot
W32/Sality.gen2
57.14%

Microsoft Security Essentials
Threat.Undefined
57.14%

Kaspersky
Virus.Win32.Sality
57.14%

AhnLab V3 Security
PUP/Win32.Downloader
42.86%

Reason Heuristics
Adware.Bundler (M)
42.86%

F-Secure
Win32.Sality.3
42.86%

Norman
Win32.Sality.3
42.86%

AVG
Win32/Sality
28.57%

AegisLab AV Signature
Suspicious.Cloud.Gen!c
14.29%

Agnitum Outpost
PUA.InstallCore
14.29%

Trend Micro House Call
PUA_INSTACOR
14.29%

The domain www.towersapplicationnow.com has been seen to resolve to the following 27 IP addresses.

52.84.125.242
server-52-84-125-242.iad16.r.cloudfront.net
May 23, 2016

52.84.125.176
server-52-84-125-176.iad16.r.cloudfront.net
May 23, 2016

52.84.125.146
server-52-84-125-146.iad16.r.cloudfront.net
May 23, 2016

52.84.125.135
server-52-84-125-135.iad16.r.cloudfront.net
May 23, 2016

52.84.125.116
server-52-84-125-116.iad16.r.cloudfront.net
May 23, 2016

52.84.125.73
server-52-84-125-73.iad16.r.cloudfront.net
May 23, 2016

52.84.125.56
server-52-84-125-56.iad16.r.cloudfront.net
May 23, 2016

52.84.125.19
server-52-84-125-19.iad16.r.cloudfront.net
May 23, 2016

54.230.102.66
server-54-230-102-66.iad2.r.cloudfront.net
April 16, 2016

54.230.102.26
server-54-230-102-26.iad2.r.cloudfront.net
April 16, 2016

54.230.102.242
server-54-230-102-242.iad2.r.cloudfront.net
April 16, 2016

52.85.131.196
server-52-85-131-196.iad53.r.cloudfront.net
April 14, 2016

52.85.131.167
server-52-85-131-167.iad53.r.cloudfront.net
April 14, 2016

52.85.131.155
server-52-85-131-155.iad53.r.cloudfront.net
April 14, 2016

52.85.131.114
server-52-85-131-114.iad53.r.cloudfront.net
April 14, 2016

52.85.131.51
server-52-85-131-51.iad53.r.cloudfront.net
April 14, 2016

52.85.131.30
server-52-85-131-30.iad53.r.cloudfront.net
April 14, 2016

52.85.131.235
server-52-85-131-235.iad53.r.cloudfront.net
April 14, 2016

52.85.131.206
server-52-85-131-206.iad53.r.cloudfront.net
April 14, 2016

54.230.102.52
server-54-230-102-52.iad2.r.cloudfront.net
April 11, 2016

54.230.102.51
server-54-230-102-51.iad2.r.cloudfront.net
April 11, 2016

54.230.102.21
server-54-230-102-21.iad2.r.cloudfront.net
April 11, 2016

54.230.102.211
server-54-230-102-211.iad2.r.cloudfront.net
April 11, 2016

54.230.102.167
server-54-230-102-167.iad2.r.cloudfront.net
April 11, 2016

54.230.102.158
server-54-230-102-158.iad2.r.cloudfront.net
April 11, 2016

54.230.102.157
server-54-230-102-157.iad2.r.cloudfront.net
April 11, 2016

54.230.102.60
server-54-230-102-60.iad2.r.cloudfront.net
April 11, 2016

File downloads found at URLs served by www.towersapplicationnow.com.

10 / 68    (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (dd30ec0200815d299545ac1d728bf16f)

8 / 68      (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (d8ef246f2472d75e50d5e7e980bf8f59)

8 / 68      (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (fa59a74837c4bfad43b23d89dbe4badc)

3 / 68      (PUP)
http://www.towersapplicationnow.com/.../installer.exe  (277928c9d65e17d098cf982cb97ed70b)

17 / 68    (PUP)
http://www.towersapplicationnow.com/.../installer.exe  (0756591f597552415e42b0781d2e4811)

5 / 68      (PUP)
http://www.towersapplicationnow.com/.../installer.exe  (05ba2c8937aadf84325749a967a84363)

9 / 68      (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (4d750e44d7c1212843cbdaaa7c3725d6)

The following 15 files have been seen to comunicate with www.towersapplicationnow.com in live environments.

TCP » 52.84.125.146:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.131.30:443
browser.exe (Browser)

TCP » 52.84.125.116:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.176:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.242:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.84.125.146:443
UCBrowser.exe (by UCWeb)

TCP » 52.84.125.19:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.116:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.73:443
megacubo.exe (Megacubo by www.megacubo.net)

TCP » 52.84.125.73:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.56:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.19:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.116:80
browser.exe (Browser)

TCP » 52.84.125.19:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.19:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.73:80
OrbitDM.exe (Orbit Downloader by Orbitdownloader.com)

TCP » 52.84.125.116:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.146:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.19:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.19:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 36 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.