The domain cdn.bubbledock.com, registered by Nosibay, was first registered in February 2008 through OVH. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dulles, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which serves content through a number of proxy IP addresses (see below).
Server location: Virginia, United States (US)
Create date: Friday, February 8, 2008
Expires date: Wednesday, February 8, 2017
Updated date: Monday, January 18, 2016
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.,US
Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.SIENSA.M, PUP.Installer.SIENSA.V, PUP.Installer.NOSIBAY.Y, PUP.DealPly.I, PUP.DealPly.H, PUP.Installer.NOSIBAY.DD, PUP.Installer.NOSIBAY.S, PUP.NOSIBAY.Installer (M), PUP.Nosibay.Optional.Installer.Meta (M), PUP.BanyanTreeTechnology (M), PUP.50OnRed.Innovati.Installer (M) | 100.00% |
| VIPRE Antivirus | Iminent, BubbleDock, Adware.DealPly, Trojan.Win32.Generic, Threat.4791953, Trojan.Win32.Generic!SB.0 | 63.27% |
| Malwarebytes | PUP.Optional.Iminent.A, PUP.Optional.BubbleDock.A, PUP.DealPly, PUP.Optional.DealPly.A, PUP.Optional.Nosibay.A | 55.10% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h, Trojan.MSIL.Zapchast, AdWare.Agent | 55.10% |
| Trend Micro House Call | TROJ_GEN.R047H05I913, TROJ_GEN.F47V1207, TROJ_GEN.F47V0818, TROJ_GEN.F47V1113, TROJ_GEN.R0CBOH0JC13, TROJ_GEN.F47V1218, TROJ_GEN.F47V0418, TROJ_GEN.F47V0724 | 42.86% |
| Dr.Web | Adware.Downware.1460, Adware.BGuard.13, Adware.Shopper.328, Adware.Downware.5766, Adware.Downware.9155, Adware.Downware.10519, Adware.Downware.9155 | 26.53% |
| ESET NOD32 | Win32/DealPly, Win32/BubbleDock, Win32/BubbleDock.A potentially unwanted | 26.53% |
| Rising Antivirus | Trojan.Win32.Generic.14C6884E, PE:Malware.XPACK/RDM!5.1, NS:Malware.Install!1.9F62, NS:Malware.Install!1.9F21 | 24.49% |
| McAfee | Artemis!D8329A33486C, Artemis!0DBC7B4EC641, Artemis!AF46B04A9F29, Artemis!361143759E70, Artemis!B100CAE8E6D4, Artemis!8D2654E8D396, Artemis!2032937BC62C | 22.45% |
| AVG | Generic, MalSign.Generic | 22.45% |
| AhnLab V3 Security | PUP/Win32.BubbleDock | 18.37% |
| Bkav FE | W32.Clod19d.Trojan, W32.Clod55c.Trojan, W32.Clod16e.Trojan, W32.HfsAdware | 16.33% |
| K7 AntiVirus | Unwanted-Program, Trojan, Riskware | 16.33% |
| Sophos | Generic PUA KK, PUA 'Bubble Dock' (of type Adware), Bubble Dock (PUA) | 16.33% |
| Baidu Antivirus | PUA.Win32.BubbleDock, Trojan.Win32.BubbleDock, Hacktool.Win32.Downloader | 10.20% |
The domain cdn.bubbledock.com has been seen to resolve to 164 IP addresses.
File downloads found at URLs served by cdn.bubbledock.com.
Latest 30 of 55 download URLs
The following 256 files have been seen to communicate with cdn.bubbledock.com in live environments.
URL: http://cdn.bubbledock.com/
Network: Amazon CloudFront