home

ttb.friafiler.com

Tuguu SLU

Domain Information

The domain ttb.friafiler.com registered by Tuguu SLU was initially registered in August of 2013 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
SOLUCIONES CORPORATIVAS IP, SL

Server location:
Oregon, United States (US)

Create date:
Wednesday, August 14, 2013

Expires date:
Monday, August 14, 2017

Updated date:
Thursday, December 31, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
friafiler.com

Whois:
2 friafiler.com records

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SmartSecureSoftwareSl.H, PUP.Softpulse.Sambamed.Bundler (M), PUP.Softpulse.Appsecur.Bundler (M), PUP.Softpulse.VolvanPr.Bundler (M)
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
16.67%

avast!
Win32:SoftPulse-AH [PUP]
16.67%

Microsoft Security Essentials
Threat.Undefined
16.67%

Dr.Web
Trojan.MulDrop5.40191
16.67%

McAfee
SoftPulse
16.67%

Malwarebytes
PUP.Optional.MultiPlug
16.67%

K7 AntiVirus
Unwanted-Program
16.67%

Agnitum Outpost
PUA.Downloader
16.67%

Clam AntiVirus
Win.Trojan.Softpulse-44
16.67%

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
16.67%

NANO AntiVirus
Trojan.Win32.Agent.dfjvlg
16.67%

Zillya! Antivirus
Adware.Agent.Win32.13299
16.67%

Avira AntiVirus
APPL/Softpulse.Gen8
16.67%

G Data
Application.Bundler.DomaIQ
16.67%

The domain ttb.friafiler.com has been seen to resolve to the following 4 IP addresses.

54.149.159.30
ec2-54-149-159-30.us-west-2.compute.amazonaws.com
March 3, 2016

52.10.156.255
ec2-52-10-156-255.us-west-2.compute.amazonaws.com
March 3, 2016

50.112.177.75
ec2-50-112-177-75.us-west-2.compute.amazonaws.com
September 30, 2014

54.201.201.245
ec2-54-201-201-245.us-west-2.compute.amazonaws.com
September 30, 2014

File downloads found at URLs served by ttb.friafiler.com.

0 / 68
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1411298602.208&mkwid=MDxStGoz&pcrid=3158849802&kword=spotify&match=e&fileName=spotify  (spotifysetup.exe)

1 / 68      (Adware)
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1415989884.071&mkwid=62OW2Ag5&pcrid=6082596390&kword=download youtube videos&match=e&fileName=youtube-downloader  (youtube downloader.exe)

1 / 68      (Adware)
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1425126843.462&mkwid=n6anMPBq&pcrid=3158849987&kword=teamviewer&match=e&fileName=teamviewer  (teamviewer.exe)

1 / 68      (Adware)
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1448472451.12&mkwid=Puvk27Qk&pcrid=6082596434&kword=sudoku&match=e&fileName=classic-sudoku  (classic sudoku.exe)

1 / 68      (Adware)
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1448472491.641&mkwid=Puvk27Qk&pcrid=6082596434&kword=sudoku&match=e&fileName=classic-sudoku  (classic sudoku.exe)

1 / 68      (Adware)
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1448472404.109&mkwid=Puvk27Qk&pcrid=6082596434&kword=sudoku&match=e&fileName=classic-sudoku  (classic sudoku.exe)

0 / 68
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1422646437.807&mkwid=12wZJyHF&pcrid=3158849802&kword=spotify&match=e&fileName=spotify  (spotifysetup.exe)

30 / 68    (Adware)
http://ttb.friafiler.com/download/request/.../jFUaI6bS?__tc=1410432655.37&mkwid=MDxStGoz&pcrid=3158849802&kword=spotify&match=e&fileName=spotify  (spotify.exe)

The following 2 files have been seen to comunicate with ttb.friafiler.com in live environments.

TCP » 54.149.159.30:80
HostSecure.exe (ExtFirefox by Microsoft)

TCP » 52.10.156.255:80
HostSecure.exe (ExtFirefox by Microsoft)

TCP » 54.149.159.30:80
browser.exe (speed browser by Smart Applications)

URL:
http://ttb.friafiler.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx (PHP/5.3.10-1ubuntu3.17)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.