home

www.bulkbundlescity.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
bulkbundlescity.com

Scanner detections:
Malware distribution  (80% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.ACY.gen potentially unwanted application, Win32/InstallCore.AFY potentially unwanted application, Win32/Sality.NAU virus
80.00%

Dr.Web
Trojan.InstallCore.978, Adware.InstallCore.653, Win32.Sector.12, Win32.Sector.30
80.00%

McAfee
Artemis!0756591F5975, Artemis!01F7F52C5EE3, Virus.W32/Sality.gen.z
80.00%

avast!
Win32:Malware-gen, Win32:Kukacka, Win32:SaliCode
60.00%

AhnLab V3 Security
PUP/Win32.Downloader
60.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.416209
40.00%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
40.00%

Reason Heuristics
Adware.Bundler (M)
40.00%

F-Prot
W32/Sality.AK, W32/Sality.gen2
40.00%

Microsoft Security Essentials
Threat.Undefined
40.00%

AVG
Win32/Sality
40.00%

Emsisoft Anti-Malware
Win32.Sality.OG
40.00%

Norman
Win32.Sality.OG, Win32.Sality.3
40.00%

AegisLab AV Signature
Suspicious.Cloud.Gen!c
20.00%

Agnitum Outpost
PUA.InstallCore
20.00%

The domain www.bulkbundlescity.com has been seen to resolve to the following 18 IP addresses.

52.85.131.245
server-52-85-131-245.iad53.r.cloudfront.net
July 4, 2016

52.85.131.233
server-52-85-131-233.iad53.r.cloudfront.net
July 4, 2016

52.85.131.232
server-52-85-131-232.iad53.r.cloudfront.net
July 4, 2016

52.85.131.141
server-52-85-131-141.iad53.r.cloudfront.net
July 4, 2016

52.85.131.127
server-52-85-131-127.iad53.r.cloudfront.net
July 4, 2016

52.85.131.104
server-52-85-131-104.iad53.r.cloudfront.net
July 4, 2016

52.85.131.56
server-52-85-131-56.iad53.r.cloudfront.net
July 4, 2016

52.85.131.22
server-52-85-131-22.iad53.r.cloudfront.net
July 4, 2016

52.85.131.171
server-52-85-131-171.iad53.r.cloudfront.net
April 21, 2016

52.85.131.30
server-52-85-131-30.iad53.r.cloudfront.net
April 12, 2016

52.85.131.206
server-52-85-131-206.iad53.r.cloudfront.net
April 10, 2016

52.85.131.196
server-52-85-131-196.iad53.r.cloudfront.net
April 10, 2016

52.85.131.167
server-52-85-131-167.iad53.r.cloudfront.net
April 10, 2016

52.85.131.155
server-52-85-131-155.iad53.r.cloudfront.net
April 10, 2016

52.85.131.114
server-52-85-131-114.iad53.r.cloudfront.net
April 10, 2016

52.85.131.51
server-52-85-131-51.iad53.r.cloudfront.net
April 10, 2016

52.85.131.239
server-52-85-131-239.iad53.r.cloudfront.net
April 10, 2016

52.85.131.235
server-52-85-131-235.iad53.r.cloudfront.net
April 10, 2016

File downloads found at URLs served by www.bulkbundlescity.com.

9 / 68      (Infected)
http://www.bulkbundlescity.com/.../installer.exe  (331e3fa08bba93d3772a4ce825432ac3)

7 / 68      (PUP)
http://www.bulkbundlescity.com/.../installer.exe  (01f7f52c5ee319b71c1f0cf245b6da21)

17 / 68    (PUP)
http://www.bulkbundlescity.com/.../installer.exe  (0756591f597552415e42b0781d2e4811)

1 / 68      (inconclusive)
http://www.bulkbundlescity.com/.../installer.exe  (7d0777408e2f427228da14fdc0085220)

11 / 68    (Infected)
http://www.bulkbundlescity.com/.../installer.exe  (06cfdb351fabbe511dab266caed26989)

The following 3 files have been seen to comunicate with www.bulkbundlescity.com in live environments.

TCP » 52.85.131.30:443
browser.exe (Browser)

TCP » 52.85.131.233:443
instatime.exe

TCP » 52.85.131.196:80
SimpleDriverUpdater.exe (Simple Driver Updater)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.