home

www.bundlebinariesheart.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
bundlebinariesheart.com

Scanner detections:
Detections  (80% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.GRETECH.GretechC.Installer.Meta (L), Adware.Bundler (M)
75.00%

ESET NOD32
Win32/InstallCore.ACY.gen potentially unwanted application, Win32/Sality.NBA virus
50.00%

AhnLab V3 Security
PUP/Win32.Downloader
25.00%

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
25.00%

IKARUS anti.virus
PUA.EoRezo
25.00%

F-Prot
W32/Sality.gen2
25.00%

F-Secure
Win32.Sality.3
25.00%

Dr.Web
Win32.Sector.30
25.00%

AVG
Win32/Sality
25.00%

Microsoft Security Essentials
Threat.Undefined
25.00%

avast!
Win32:SaliCode
25.00%

Emsisoft Anti-Malware
Win32.Sality
25.00%

Kaspersky
Virus.Win32.Sality
25.00%

Norman
Win32.Sality.3
25.00%

Sophos
Virus 'Mal/Sality-D'
25.00%

The domain www.bundlebinariesheart.com has been seen to resolve to the following 35 IP addresses.

52.84.125.146
server-52-84-125-146.iad16.r.cloudfront.net
May 23, 2016

52.84.125.135
server-52-84-125-135.iad16.r.cloudfront.net
May 23, 2016

52.84.125.116
server-52-84-125-116.iad16.r.cloudfront.net
May 23, 2016

52.84.125.73
server-52-84-125-73.iad16.r.cloudfront.net
May 23, 2016

52.84.125.56
server-52-84-125-56.iad16.r.cloudfront.net
May 23, 2016

52.84.125.19
server-52-84-125-19.iad16.r.cloudfront.net
May 23, 2016

52.84.125.242
server-52-84-125-242.iad16.r.cloudfront.net
May 23, 2016

52.84.125.176
server-52-84-125-176.iad16.r.cloudfront.net
May 23, 2016

52.85.142.98
server-52-85-142-98.iad12.r.cloudfront.net
May 15, 2016

52.85.142.51
server-52-85-142-51.iad12.r.cloudfront.net
May 15, 2016

52.85.142.28
server-52-85-142-28.iad12.r.cloudfront.net
May 15, 2016

52.85.142.221
server-52-85-142-221.iad12.r.cloudfront.net
May 15, 2016

52.85.142.210
server-52-85-142-210.iad12.r.cloudfront.net
May 15, 2016

52.85.142.204
server-52-85-142-204.iad12.r.cloudfront.net
May 15, 2016

52.85.142.192
server-52-85-142-192.iad12.r.cloudfront.net
May 15, 2016

52.85.142.101
server-52-85-142-101.iad12.r.cloudfront.net
May 15, 2016

52.85.131.155
server-52-85-131-155.iad53.r.cloudfront.net
April 21, 2016

52.85.131.114
server-52-85-131-114.iad53.r.cloudfront.net
April 21, 2016

52.85.131.51
server-52-85-131-51.iad53.r.cloudfront.net
April 21, 2016

52.85.131.30
server-52-85-131-30.iad53.r.cloudfront.net
April 21, 2016

52.85.131.206
server-52-85-131-206.iad53.r.cloudfront.net
April 21, 2016

52.85.131.196
server-52-85-131-196.iad53.r.cloudfront.net
April 21, 2016

52.85.131.171
server-52-85-131-171.iad53.r.cloudfront.net
April 21, 2016

52.85.131.167
server-52-85-131-167.iad53.r.cloudfront.net
April 21, 2016

54.230.102.26
server-54-230-102-26.iad2.r.cloudfront.net
April 15, 2016

54.230.102.242
server-54-230-102-242.iad2.r.cloudfront.net
April 15, 2016

54.230.102.66
server-54-230-102-66.iad2.r.cloudfront.net
April 15, 2016

54.230.102.158
server-54-230-102-158.iad2.r.cloudfront.net
April 12, 2016

54.230.102.157
server-54-230-102-157.iad2.r.cloudfront.net
April 12, 2016

54.230.102.60
server-54-230-102-60.iad2.r.cloudfront.net
April 12, 2016

 
Showing 30 of 35 IP Addresses

File downloads found at URLs served by www.bundlebinariesheart.com.

0 / 68
http://www.bundlebinariesheart.com/.../installer.exe  (60b85087c6b82e2c06f9d36e66db47fc)

1 / 68      (PUP)
http://www.bundlebinariesheart.com/.../installer.exe  (grlaunchertempsetup.exe)

3 / 68      (PUP)
http://www.bundlebinariesheart.com/.../installer.exe  (98c517d9c2b537466dfd6045ace31681)

11 / 68    (Infected)
http://www.bundlebinariesheart.com/.../installer.exe  (2a927a7b6eed2551e14d25f11a3350e0)

3 / 68      (PUP)
http://www.bundlebinariesheart.com/.../installer.exe  (277928c9d65e17d098cf982cb97ed70b)

The following 34 files have been seen to comunicate with www.bundlebinariesheart.com in live environments.

TCP » 52.84.125.146:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.142.51:443
UCBrowser.exe (by UCWeb)

TCP » 52.85.131.30:443
browser.exe (Browser)

TCP » 52.85.142.98:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.116:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.176:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.242:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.142.221:80
browser.exe (Browser)

TCP » 52.84.125.146:443
UCBrowser.exe (by UCWeb)

TCP » 52.85.142.28:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.221:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.19:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.221:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.28:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.116:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.73:443
megacubo.exe (Megacubo by www.megacubo.net)

TCP » 52.84.125.73:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.28:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.56:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.210:443
stormwatchbrowser.exe

 
Latest 20 of 84 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.