home

cntb.express-files.com

Faglaro Enterprises Limited

Domain Information

The domain cntb.express-files.com registered by Faglaro Enterprises Limited was initially registered in December of 2011 through INTERNET.BS CORP.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Salt Lake City, Utah within the United States which resides on the Hosting Services, Inc. network.
Registrar:
INTERNET DOMAIN SERVICE BS CORP

Server location:
Utah, United States (US)

Create date:
Tuesday, December 6, 2011

Expires date:
Tuesday, December 6, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS29854 WESTHOST - WestHost, Inc.,US

Root domain:
express-files.com

Whois:
3 express-files.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ViaAdvertisingGroupLimited.Q, PUP.Installer.FaglaroEnterprisesLimited.j, PUP.Installer.FaglaroEnterprisesLimited.AA, PUP.Installer.FaglaroEnterprisesLimited.Q, PUP.Blisbury.FaglaroE.Bundler (M), PUP.Blisbury (M)
95.83%

ESET NOD32
Win32/YourFileDownloader (variant), Win32/ExpressFiles (variant), Win32/ExpressFiles potentially unwanted (variant)
79.17%

VIPRE Antivirus
Via Advertising, ExpressFiles Installer, Threat.4783941
66.67%

Trend Micro House Call
TROJ_SPNR.28I112, TROJ_GEN.F47V0820, TROJ_GEN.F47V0928, TROJ_GEN.FCBHZKN, TROJ_GEN.F47V0109, HV_ZYX_BL1329AD.TOMC, TROJ_GEN.F47V0808, HV_ZYX_BK08341C.TOMC, TROJ_GEN.F47V1025
45.83%

G Data
Win32.Application.ExpressFiles
37.50%

Dr.Web
Tool.DownLoader.42, Adware.Downware.747
33.33%

Emsisoft Anti-Malware
Riskware.Win32.ExpressFiles, Trojan.Win32.ExpressFiles.AMN, Trojan.Win32.Buzus!IK, Trojan.Win32.ExpressFiles.AMN!A2
33.33%

McAfee
Artemis!F12E0521859D, Artemis!332D3639F52B, Artemis!F8C9E52C9818, Artemis!293972EFFDD5, Artemis!3637553529E0
29.17%

avast!
Win32:Downloader-UGW [PUP], Win32:Expressfiles-A [PUP], Win32:PUP-gen [PUP]
29.17%

MicroWorld eScan
Win32/ExpressFiles
16.67%

Agnitum Outpost
Riskware.ExpressFiles
16.67%

IKARUS anti.virus
AdWare.Win32.ExpressFiles, Trojan.Win32.Buzus, PUA.ExpressFiles
12.50%

Comodo Security
TrojWare.Win32.UMal.~A, Application.Win32.EDown.FTVP
12.50%

F-Prot
W32/Backdoor2.HMVS, W32/A-464331fe
8.33%

Baidu Antivirus
Trojan.Win32.ExpressFiles, Adware.Win32.Bbylon
8.33%

The domain cntb.express-files.com has been seen to resolve to the following 2 IP addresses.

199.195.196.180
199.195.196.180.static.midphase.com
April 13, 2016

204.45.126.106
February 6, 2014

File downloads found at URLs served by cntb.express-files.com.

1 / 68      (Adware)
http://cntb.express-files.com/?q=Jb And The Moonshine Band - Beer For Breakfast (2012)&wmid=000&subwmid=246&ca=2028e31c5596736a79b62777c8a928e7  (jb_and_the_moonshine_band_-_beer_for_breakfast__downloader_246.exe)

6 / 68      (Adware)
http://cntb.express-files.com/j5GCUnabvVNjn4pNY9a2LCjIpnoj8 x6JvDvfC36xyRzpYFqEuDYfVWhjyhHsZVeF TNVQo=  (uninstall.exe)

2 / 68      (Adware)
http://cntb.express-files.com/?q=Listy do m&wmid=246&subwmid=248a&ca=d0927f964cdf618600e58bc888df7faf  (recover_keys_5.0.2.58_downloader_248b.exe)

6 / 68      (Adware)
http://cntb.express-files.com/?q=diljit mitra nu shonk golian chalaun da mp3&wmid=000&subwmid=386&ca=718373ed057003590bdeb602d9d9a485  (unityprefabs.com_-_waterfall_prefab_(#unity3d_game_development)_downloader_190.exe)

12 / 68    (Adware)
http://cntb.express-files.com/?wmid=501&q=NCH WavePad Sound Editor Masters Edition 4.40 Keys [RH]&subwmid=205b&ca=5dd0994ad6876520ec58e47940007f6d  (uninstall39025646.exe)

2 / 68      (Adware)
http://cntb.express-files.com/?wmid=502&q=Sanford &subwmid=205b&ca=f16e79d7eb8c107519bfb66fb3f6feef  (gunsmoke.season.20.[complete]_downloader_205b.exe)

3 / 68      (Adware)
http://cntb.express-files.com/?wmid=502&q=kaboom movie&subwmid=205b&ca=f16e79d7eb8c107519bfb66fb3f6feef  (the_big_bang_theory_-_the_complete_season_5_[hdtv]_extra_downloader_205b.exe)

1 / 68      (Adware)
http://cntb.express-files.com/?q=rome total war gold edition no cd crack&wmid=881&subwmid=98818&ca=03a398313e91b49f80d7de22436b75de  (rome_total_war_gold_edition_no_cd_crack_downloader_98818.exe)

6 / 68      (Adware)
http://cntb.express-files.com/?q=ver video prohibido de gral villegas&wmid=000&subwmid=352b&ca=8c3beb388442dd94b2b75cf35ded6af4  (call_of_duty_pak0.pk3_file_downloader_415b.exe)

8 / 68      (Adware)
http://cntb.express-files.com/?q=budak cina sex&wmid=000&subwmid=352&ca=c41f1ee6bf46d1fab47d8a949c50e66e  (the_last_remnant__[mediafire]_downloader_229.exe)

2 / 68      (Adware)
http://cntb.express-files.com/?wmid=502&q=free autocad 2010 windows 7 32 bit&subwmid=205b&ca=f8d23e396e4ca61735fa5e85fd6ad235  (uninstall11817793.exe)

12 / 68    (Adware)
http://cntb.express-files.com/?wmid=340&subwmid=340b&q=Tera Patrick mpeg&ca=acab78d29fc6ff98de9a42172a48c573  (uninstall.exe)

12 / 68    (Adware)
http://cntb.express-files.com/?wmid=340&subwmid=340b&q=tengo ganas de ti&ca=8637bdcdea4b8e0c72a38af15d9ec6d3  (uninstall.exe)

4 / 68      (Adware)
http://cntb.express-files.com/?wmid=501&q=Think-Cell 5.2.21133&subwmid=205b&ca=43b6d651333819d47b8abf3c1cc80090  (simple_dns_plus_5.2_(build_117)_incl._crack_downloader_98818b.exe)

8 / 68      (Adware)
http://cntb.express-files.com/?q=free webmail hacktool 2011.rar&wmid=000&subwmid=224&ca=ba089998a9c8ad01f51e931bd70c176c  (the_last_remnant__[mediafire]_downloader_229.exe)

9 / 68      (Adware)
http://cntb.express-files.com/?q=Green.Street.Hooligans[2005]DvDrip[Eng]-aXXo.avi&ts=1348499521&wmid=001&subwmid=98828f&ca=c09dfc794557686eb9418c1941e5d4a7  (safedownloader.exe)

4 / 68      (PUP)
http://cntb.express-files.com/?wmid=502&q=The Sims 3 Lunar Lakes Crack No CD.zip&subwmid=205b&ca=55e457e6734af9b069eb402291a46707  (the_sims_3_lunar_lakes_crack_no_cd.zip_downloader_205b.exe)

8 / 68      (Adware)
http://cntb.express-files.com/.../  (loquillo_-_la_nave_de_los_locos__downloader_128.exe)

11 / 68    (Adware)
http://cntb.express-files.com/.../NdgG TZfVG5hDsX6MFSCK ABUWNkA8L3cVXDdw=  ({dd-ps3.rar}_downloader_411.exe)

11 / 68    (Adware)
http://cntb.express-files.com/j5GRX2ebiE1j2qpaeMv3N32B5HQm el5IfHpfDy/.../aaLkSjgDZO5chbFu7N  ({dd-ps3.rar}_downloader_411.exe)

11 / 68    (Adware)
http://cntb.express-files.com/j5GRX2ebiE1j2qpaeMv3N32B5HQm el5IfDvdzy/.../aaLkSjgDZO5chbFu7N  ({dd-ps3.rar}_downloader_411.exe)

5 / 68      (Adware)
http://cntb.express-files.com/j5GBRWvGrEkt8r9Wb9a1L3eX GxQtasyPYX2C2itgD416ddvEODYaQPm1Hleq8xSHenEXwvZwVMHwooCU4w8Qw7dIwQ3kn4WL5AwTnjA  (earl_klugh_discography_[lossless_mp3]_(1978-2011)_downloader_128.exe)

5 / 68      (Adware)
http://cntb.express-files.com/j5GBRWfRpBBO27hMb56lMDON5nMr9e9zL/.../NVmBKOcOVG5hDsX4clbHOQ=  (intouchables.2011.french.dvdrip.xvid-bloodymary.avi_downloader_98828.exe)

5 / 68      (Adware)
http://cntb.express-files.com/?q=artisteer 3.1.0.48375 keygen mac.rar&wmid=000&subwmid=224&ca=68a7dd34c9a39218a6c06d543cae20c3  (pikachus_tools_exe_downloader_257.exe)

1 / 68      (Adware)
http://cntb.express-files.com/?q=Mumford And Sons Sigh No More Album&wmid=987&subwmid=2322b&r=1&ca=4a7cfe52dbaf8f4a71489c4c65cd5258  (uninstall5342956.exe)

12 / 68    (Adware)
http://cntb.express-files.com/?wmid=501&q=ManyCam Pro 3.1 - Fully Cracked&subwmid=205b&ca=4ad03a3a0854d1ff117ff07a86b4122a  (uninstall39025646.exe)

4 / 68      (Adware)
http://cntb.express-files.com/?wmid=001&q= creamy mami ova long goodbay&subwmid=98803b&ca=1b3102d03ffbd99b89460e9ac6a8d662  (brotherhood_dvdrip_(taegukgi_hwinalrimyeo)_-_with_english_subtitles_torrent_downloader_98803b.exe)

8 / 68      (Adware)
http://cntb.express-files.com/j5HgAEDlpU901b5ga9a4Lm/IvCh8s4Ydea2 KkWLjiBquYgyfbaAN0OnwyVDqNRUavqBFA/.../wDlKYId4HT2VeOdzyCS2  (loquillo_-_la_nave_de_los_locos__downloader_128.exe)

8 / 68      (Adware)
http://cntb.express-files.com/.../KdgIgh2QSIsk5Tns=  (loquillo_-_la_nave_de_los_locos__downloader_128.exe)

5 / 68      (Adware)
http://cntb.express-files.com/j5GMWXbfvFhu1a9Tb8v/.../KUEVvGjRgL1c5bA900RQbcNFE1nWAfe8Q9TmyLZOE5kXzjbzkhs2Q8  (intouchables.2011.french.dvdrip.xvid-bloodymary.avi_downloader_98828.exe)

 
Latest 30 of 37 download URLs

The following 19 files have been seen to comunicate with cntb.express-files.com in live environments.

TCP » 199.195.196.180:80
EFupdater.exe (Express Files Updater by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe

TCP » 199.195.196.180:80
EFupdater.exe (Express Files Updater by http://www.express-files.com/)

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe

TCP » 199.195.196.180:80
uninstall433109428.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe (Express Files Updater by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe (Express Files Updater by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe (Express Files Updater by http://www.express-files.com/)

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
ExpressFiles.exe (ExpressFiles Application by http://www.express-files.com/)

TCP » 199.195.196.180:80
EFupdater.exe (Express Files Updater by http://www.express-files.com/)

TCP » 199.195.196.180:80
uninstall.exe (ExpressFiles Application by http://www.express-files.com/)

URL:
http://cntb.express-files.com/

Title:
“SmileFiles”

Web server:
nginx/1.2.1 (PHP/5.4.45-0+deb7u2)

archievedownload.com

archievedownload.net

down4loading.net

down4loadist.net

failsmail.com

go-for-files.biz

go-for-files.com

smile-file.com

smile-files.com

thefailsmail.net

yfdownloader.com

yfdownloader.net

yofiledo.com

yorfiled.com

your-fd.net

yourfaild.net

yourfd.net

yourfdownloader.com

yourfdownloader.net

yourfiledl.com

yourfiledownloader.biz

yourfiledownloader.com

yourfiledownloader.info

yourfiledownloader.net

yourfiledownloader.org

all-shares.com

express-downloader.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.