cntb.express-files.com

Faglaro Enterprises Limited

Domain Information

The domain cntb.express-files.com registered by Faglaro Enterprises Limited was initially registered in December of 2011 through INTERNET.BS CORP.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Salt Lake City, Utah within the United States which resides on the Hosting Services, Inc. network.
Registrar:
INTERNET DOMAIN SERVICE BS CORP

Server location:
Utah, United States (US)

Create date:
Tuesday, December 06, 2011

Expires date:
Tuesday, December 06, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS29854 WESTHOST - WestHost, Inc.,US

Root domain:

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ViaAdvertisingGroupLimited.Q, PUP.Installer.FaglaroEnterprisesLimited.j, PUP.Installer.FaglaroEnterprisesLimited.AA, PUP.Installer.FaglaroEnterprisesLimited.Q, PUP.Blisbury.FaglaroE.Bundler (M), PUP.Blisbury (M)
95.83%

ESET NOD32
Win32/YourFileDownloader (variant), Win32/ExpressFiles (variant), Win32/ExpressFiles potentially unwanted (variant)
79.17%

VIPRE Antivirus
Via Advertising, ExpressFiles Installer, Threat.4783941
66.67%

Trend Micro House Call
TROJ_SPNR.28I112, TROJ_GEN.F47V0820, TROJ_GEN.F47V0928, TROJ_GEN.FCBHZKN, TROJ_GEN.F47V0109, HV_ZYX_BL1329AD.TOMC, TROJ_GEN.F47V0808, HV_ZYX_BK08341C.TOMC, TROJ_GEN.F47V1025
45.83%

G Data
Win32.Application.ExpressFiles
37.50%

Dr.Web
Tool.DownLoader.42, Adware.Downware.747
33.33%

McAfee Web Gateway
Artemis!F12E0521859D, Artemis!332D3639F52B, Artemis!F8C9E52C9818, Artemis!293972EFFDD5, Artemis!3637553529E0, BehavesLike.Win32.Downloader.tc
33.33%

Emsisoft Anti-Malware
Riskware.Win32.ExpressFiles, Trojan.Win32.ExpressFiles.AMN, Trojan.Win32.Buzus!IK, Trojan.Win32.ExpressFiles.AMN!A2
33.33%

McAfee
Artemis!F12E0521859D, Artemis!332D3639F52B, Artemis!F8C9E52C9818, Artemis!293972EFFDD5, Artemis!3637553529E0
29.17%

avast!
Win32:Downloader-UGW [PUP], Win32:Expressfiles-A [PUP], Win32:PUP-gen [PUP]
29.17%

MicroWorld eScan
Win32/ExpressFiles
16.67%

Agnitum Outpost
Riskware.ExpressFiles
16.67%

IKARUS anti.virus
AdWare.Win32.ExpressFiles, Trojan.Win32.Buzus, PUA.ExpressFiles
12.50%

Comodo Security
TrojWare.Win32.UMal.~A, Application.Win32.EDown.FTVP
12.50%

K7 Gateway Antivirus
Unwanted-Program , Unwanted-File
8.33%

The domain cntb.express-files.com has been seen to resolve to the following 2 IP addresses.

199.195.196.180.static.midphase.com
April 13, 2016

February 6, 2014

File downloads found at URLs served by cntb.express-files.com.

1 / 68      (Adware)

2 / 68      (Adware)

7 / 68      (Adware)

2 / 68      (Adware)

3 / 68      (Adware)
http://cntb.express-files.com/?wmid=502&q=kaboom movie&subwmid=205b&ca=f16e79d7eb8c107519bfb66fb3f6feef  (the_big_bang_theory_-_the_complete_season_5_[hdtv]_extra_downloader_205b.exe)

1 / 68      (Adware)

10 / 68    (Adware)

4 / 68      (Adware)

6 / 68      (PUP)

9 / 68      (Adware)
http://cntb.express-files.com/.../  (loquillo_-_la_nave_de_los_locos__downloader_128.exe)

12 / 68    (Adware)

5 / 68      (Adware)

5 / 68      (Adware)
http://cntb.express-files.com/j5GBRWfRpBBO27hMb56lMDON5nMr9e9zL/.../NVmBKOcOVG5hDsX4clbHOQ=  (intouchables.2011.french.dvdrip.xvid-bloodymary.avi_downloader_98828.exe)

4 / 68      (Adware)
http://cntb.express-files.com/?wmid=001&q= creamy mami ova long goodbay&subwmid=98803b&ca=1b3102d03ffbd99b89460e9ac6a8d662  (brotherhood_dvdrip_(taegukgi_hwinalrimyeo)_-_with_english_subtitles_torrent_downloader_98803b.exe)

9 / 68      (Adware)
http://cntb.express-files.com/.../KdgIgh2QSIsk5Tns=  (loquillo_-_la_nave_de_los_locos__downloader_128.exe)

5 / 68      (Adware)
http://cntb.express-files.com/j5GMWXbfvFhu1a9Tb8v/.../KUEVvGjRgL1c5bA900RQbcNFE1nWAfe8Q9TmyLZOE5kXzjbzkhs2Q8  (intouchables.2011.french.dvdrip.xvid-bloodymary.avi_downloader_98828.exe)

 
Latest 30 of 37 download URLs

The following 19 files have been seen to comunicate with cntb.express-files.com in live environments.

URL:
http://cntb.express-files.com/

Title:
“SmileFiles”

Web server:
nginx/1.2.1 (PHP/5.4.45-0+deb7u2)