www.towersapplicationnow.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.AEO.gen potentially unwanted application, Win32/InstallCore.ACY.gen potentially unwanted application, Win32/Sality.NBA virus
100.00%

Dr.Web
Trojan.InstallCore.1683, Trojan.InstallCore.978, Win32.Sector.30
85.71%

avast!
Win32:Malware-gen, Win32:SaliCode
71.43%

McAfee
Artemis!05BA2C8937AA, Artemis!0756591F5975, Trojan.Artemis!05BA2C8937AA
57.14%

F-Prot
W32/Sality.gen2
57.14%

Microsoft Security Essentials
Threat.Undefined
57.14%

Kaspersky
Virus.Win32.Sality
57.14%

AhnLab V3 Security
PUP/Win32.Downloader
42.86%

Reason Heuristics
Adware.Bundler (M)
42.86%

F-Secure
Win32.Sality.3
42.86%

Norman
Win32.Sality.3
42.86%

AVG
Win32/Sality
28.57%

AegisLab AV Signature
Suspicious.Cloud.Gen!c
14.29%

Agnitum Outpost
PUA.InstallCore
14.29%

Trend Micro House Call
PUA_INSTACOR
14.29%

The domain www.towersapplicationnow.com has been seen to resolve to the following 27 IP addresses.

File downloads found at URLs served by www.towersapplicationnow.com.

10 / 68    (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (dd30ec0200815d299545ac1d728bf16f)

8 / 68      (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (d8ef246f2472d75e50d5e7e980bf8f59)

8 / 68      (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (fa59a74837c4bfad43b23d89dbe4badc)

3 / 68      (PUP)
http://www.towersapplicationnow.com/.../installer.exe  (277928c9d65e17d098cf982cb97ed70b)

17 / 68    (PUP)
http://www.towersapplicationnow.com/.../installer.exe  (0756591f597552415e42b0781d2e4811)

5 / 68      (PUP)
http://www.towersapplicationnow.com/.../installer.exe  (05ba2c8937aadf84325749a967a84363)

9 / 68      (Infected)
http://www.towersapplicationnow.com/.../installer.exe  (4d750e44d7c1212843cbdaaa7c3725d6)

The following 15 files have been seen to communicate with www.towersapplicationnow.com in live environments.

 