home

www.downloadscityclean.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
downloadscityclean.com

Scanner detections:
Malware distribution  (92% detected)

Scan engine
Details
Detections

Dr.Web
Trojan.Swizzor.19587, Trojan.Siggen6.55368, Trojan.Siggen6.54687, Win32.Virut.56
58.33%

Norman
Gen:Variant.Graftor.267932, Trojan.Generic.KDV.391478, Win32.Ramnit.N, Gen:Variant.Razy.7204, Win32.Virtob.Gen.12
50.00%

Microsoft Security Essentials
Threat.Undefined
50.00%

ESET NOD32
Win32/AutoRun.Delf.LV worm, Win32/Ramnit.H virus, Win32/VB.OSK trojan, Win32/Parite.B virus, Win32/Virut.NBP virus
50.00%

avast!
Win32:AutoRun-CWJ [Trj], Win32:RmnDrp, Win32:Quolko, Win32:Parite, Win32:Vitro
50.00%

Kaspersky
Virus.Win32.Renamer, Virus.Win32.Nimnul, Trojan.Win32.Swisyn, Virus.Win32.Parite, Virus.Win32.Virut
50.00%

Emsisoft Anti-Malware
Gen:Variant.Graftor.267932, Win32.Ramnit.N, Gen:Variant.Razy.7204, Win32.Parite, Win32.Virtob.Gen.12
41.67%

McAfee
Virus.W32/Tainp.a, Trojan.Artemis!C5A65C40EA46, Virus.W32/Pate.b, Virus.W32/Virut.n.gen
41.67%

AVG
Worm/Delf.KKJ, Win32/Zbot.F, Win32/Parite, Win32/Virut
41.67%

F-Prot
W32/Autorun.ZF, W32/Ramnit.E, W32/Parite.B, W32/Virut.AI!Generic
41.67%

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.installCore (M)
41.67%

F-Secure
Variant.Graftor.267932, Trojan.Generic.KDV.391478, Win32.Ramnit.N
33.33%

VIPRE Antivirus
Threat.4150696, Threat.4732184, Threat.4763461, Threat.46249
33.33%

Sophos
Virus 'W32/Renamer-L', Virus 'W32/Ramnit-A', Virus 'W32/Mofksys-B'
25.00%

The domain www.downloadscityclean.com has been seen to resolve to the following 52 IP addresses.

52.84.125.105
server-52-84-125-105.iad16.r.cloudfront.net
June 20, 2016

52.84.125.102
server-52-84-125-102.iad16.r.cloudfront.net
June 20, 2016

52.84.125.93
server-52-84-125-93.iad16.r.cloudfront.net
June 20, 2016

52.84.125.238
server-52-84-125-238.iad16.r.cloudfront.net
June 20, 2016

52.84.125.229
server-52-84-125-229.iad16.r.cloudfront.net
June 20, 2016

52.84.125.210
server-52-84-125-210.iad16.r.cloudfront.net
June 20, 2016

52.84.125.195
server-52-84-125-195.iad16.r.cloudfront.net
June 20, 2016

52.84.125.130
server-52-84-125-130.iad16.r.cloudfront.net
June 20, 2016

52.85.142.189
server-52-85-142-189.iad12.r.cloudfront.net
May 16, 2016

52.85.142.159
server-52-85-142-159.iad12.r.cloudfront.net
May 16, 2016

52.85.142.103
server-52-85-142-103.iad12.r.cloudfront.net
May 16, 2016

52.85.142.102
server-52-85-142-102.iad12.r.cloudfront.net
May 16, 2016

52.85.142.101
server-52-85-142-101.iad12.r.cloudfront.net
May 16, 2016

52.85.142.51
server-52-85-142-51.iad12.r.cloudfront.net
May 16, 2016

52.85.142.36
server-52-85-142-36.iad12.r.cloudfront.net
May 16, 2016

52.85.142.14
server-52-85-142-14.iad12.r.cloudfront.net
May 16, 2016

54.230.102.137
server-54-230-102-137.iad2.r.cloudfront.net
April 12, 2016

54.230.102.134
server-54-230-102-134.iad2.r.cloudfront.net
April 12, 2016

54.230.102.126
server-54-230-102-126.iad2.r.cloudfront.net
April 12, 2016

54.230.102.100
server-54-230-102-100.iad2.r.cloudfront.net
April 12, 2016

54.230.102.32
server-54-230-102-32.iad2.r.cloudfront.net
April 12, 2016

54.230.102.184
server-54-230-102-184.iad2.r.cloudfront.net
April 12, 2016

54.230.102.174
server-54-230-102-174.iad2.r.cloudfront.net
April 12, 2016

54.230.102.164
server-54-230-102-164.iad2.r.cloudfront.net
April 12, 2016

52.85.131.58
server-52-85-131-58.iad53.r.cloudfront.net
April 4, 2016

52.85.131.227
server-52-85-131-227.iad53.r.cloudfront.net
April 4, 2016

52.85.131.185
server-52-85-131-185.iad53.r.cloudfront.net
April 4, 2016

52.85.131.155
server-52-85-131-155.iad53.r.cloudfront.net
April 4, 2016

52.85.131.139
server-52-85-131-139.iad53.r.cloudfront.net
April 4, 2016

52.85.131.135
server-52-85-131-135.iad53.r.cloudfront.net
April 4, 2016

 
Showing 30 of 52 IP Addresses

File downloads found at URLs served by www.downloadscityclean.com.

10 / 68    (Malware)
http://www.downloadscityclean.com/.../installer.exe  (02ae9c296a073b888aafe54f1965c4d6)

10 / 68    (Infected)
http://www.downloadscityclean.com/.../installer.exe  (90fb1d5054aea97d29eb48fb4caf1fdb)

1 / 68      (PUP)
http://www.downloadscityclean.com/.../installer.exe  (7d761cf7a5b67af55f3407cc06c6055d)

0 / 68
http://www.downloadscityclean.com/.../installer.exe  (648878482ae1a9e7f5ee66c56d6384d3)

1 / 68      (PUP)
http://www.downloadscityclean.com/.../installer.exe  (e6e04dab09b7f48964f13942b74536d6)

10 / 68    (Malware)
http://www.downloadscityclean.com/.../installer.exe  (523722dc5ecc5d29e7d4485a71d709ec)

1 / 68      (PUP)
http://www.downloadscityclean.com/.../installer.exe  (c52b88a95a125800e3d8a4f6fa33e913)

1 / 68      (PUP)
http://www.downloadscityclean.com/.../installer.exe  (138ac23f75d1078f321ad9114b3df07b)

13 / 68    (Infected)
http://www.downloadscityclean.com/.../installer.exe  (e83a12417b23f11e27474f7471940693)

9 / 68      (Malware)
http://www.downloadscityclean.com/.../installer.exe  (2e47b6a8b18ad75c80f260dcb290dfc7)

4 / 68      (Malware)
http://www.downloadscityclean.com/.../installer.exe  (c5a65c40ea46af380aad4757d2f98e69)

12 / 68    (Malware)
http://www.downloadscityclean.com/.../installer.exe  (778b127d1c7638e596fee1aa455b0156)

1 / 68      (Malware)
http://www.downloadscityclean.com/.../installer.exe  (95fd20e856656927abc947c0603f6a77)

The following 33 files have been seen to comunicate with www.downloadscityclean.com in live environments.

TCP » 52.85.142.51:443
UCBrowser.exe (by UCWeb)

TCP » 52.85.142.103:80
se.exe

TCP » 52.84.125.229:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.14:443
browser.exe (Browser)

TCP » 52.84.125.229:443
clearscreenplayerbrowser.exe

TCP » 52.85.142.14:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.159:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.142.103:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.210:443
browser.exe (Browser)

TCP » 52.85.142.159:80
apptrailers.exe

TCP » 52.85.142.103:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.84.125.229:443
APK2Mobile.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 54.192.195.177:443
online-guardian.exe

TCP » 54.192.195.177:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.105:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.210:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.105:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.229:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.210:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.229:80
WeatherBug.exe (WeatherBug)

 
Latest 20 of 65 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.