home

get.firecore.com

FireCore, LLC

Domain Information

The domain get.firecore.com registered by FireCore, LLC was initially registered in March of 2001 through NAME.COM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
NAME.COM, INC.

Server location:
Virginia, United States (US)

Create date:
Wednesday, March 7, 2001

Expires date:
Wednesday, March 7, 2018

Updated date:
Friday, July 6, 2012

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
firecore.com

Whois:
2 firecore.com records

Scanner detections:
Detections  (60% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.InstallAssistant
100.00%

Trend Micro House Call
TROJ_GEN.F47V0724
33.33%

The domain get.firecore.com has been seen to resolve to the following 24 IP addresses.

54.230.101.43
server-54-230-101-43.iad2.r.cloudfront.net
December 1, 2014

54.192.101.109
server-54-192-101-109.iad2.r.cloudfront.net
December 1, 2014

54.192.101.89
server-54-192-101-89.iad2.r.cloudfront.net
December 1, 2014

54.192.101.81
server-54-192-101-81.iad2.r.cloudfront.net
December 1, 2014

54.192.101.71
server-54-192-101-71.iad2.r.cloudfront.net
December 1, 2014

54.230.103.110
server-54-230-103-110.iad2.r.cloudfront.net
December 1, 2014

54.230.102.206
server-54-230-102-206.iad2.r.cloudfront.net
December 1, 2014

54.230.101.65
server-54-230-101-65.iad2.r.cloudfront.net
December 1, 2014

216.137.33.253
server-216-137-33-253.iad2.r.cloudfront.net
October 9, 2014

216.137.33.105
server-216-137-33-105.iad2.r.cloudfront.net
October 9, 2014

54.230.103.217
server-54-230-103-217.iad2.r.cloudfront.net
October 9, 2014

54.230.103.191
server-54-230-103-191.iad2.r.cloudfront.net
October 9, 2014

54.230.103.77
server-54-230-103-77.iad2.r.cloudfront.net
October 9, 2014

54.230.100.247
server-54-230-100-247.iad2.r.cloudfront.net
October 9, 2014

54.230.100.84
server-54-230-100-84.iad2.r.cloudfront.net
October 9, 2014

54.230.100.25
server-54-230-100-25.iad2.r.cloudfront.net
October 9, 2014

54.230.100.125
server-54-230-100-125.iad2.r.cloudfront.net
September 4, 2014

54.230.100.9
server-54-230-100-9.iad2.r.cloudfront.net
September 4, 2014

54.230.100.6
server-54-230-100-6.iad2.r.cloudfront.net
September 4, 2014

54.230.103.103
server-54-230-103-103.iad2.r.cloudfront.net
September 4, 2014

54.230.102.253
server-54-230-102-253.iad2.r.cloudfront.net
September 4, 2014

54.230.102.160
server-54-230-102-160.iad2.r.cloudfront.net
September 4, 2014

54.230.101.139
server-54-230-101-139.iad2.r.cloudfront.net
September 4, 2014

54.230.100.222
server-54-230-100-222.iad2.r.cloudfront.net
September 4, 2014

File downloads found at URLs served by get.firecore.com.

2 / 68      (PUP)
http://get.firecore.com/aTVFlash-black.exe  (atvflash-black_2.2.exe)

1 / 68      (PUP)
http://get.firecore.com/aTVFlash.exe  (036c5c4aaf45a627d9e29ade5d935d39)

0 / 68
http://get.firecore.com/aTVFlash-black.exe  (4e6a15111b5a074e60be4ed138bda30a)

1 / 68      (PUP)
http://get.firecore.com/aTVFlash-black.exe  (95228970a4a0264fc562abc8ddfc42ae)

0 / 68
http://get.firecore.com/aTVFlash-black.exe  (fec92b5ca16a38ea135ee7cf2ce7e2af)

The following 2 files have been seen to comunicate with get.firecore.com in live environments.

TCP » 216.137.33.105:80
Client.exe

TCP » 54.230.102.253:80
client.exe

URL:
http://get.firecore.com/

Network:
Amazon Cloudfront

Web server:
CloudFront

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.