home

www.bundleconecptquick.com

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
bundleconecptquick.com

Scanner detections:
Malware distribution  (80% detected)

Scan engine
Details
Detections

Dr.Web
Trojan.Swizzor.19587, Trojan.Swizzor.19586
75.00%

Emsisoft Anti-Malware
Gen:Variant.Graftor.267932, Gen:Variant.Razy.11021, Win32.Ramnit.N
75.00%

Norman
Gen:Variant.Graftor.267932, Gen:Variant.Razy.11021, Win32.Ramnit.N
75.00%

F-Secure
Variant.Graftor.267932
25.00%

AVG
Win32/Zbot.G
25.00%

ESET NOD32
Win32/Ramnit.H virus
25.00%

VIPRE Antivirus
Threat.4732184
25.00%

McAfee
Trojan.Artemis!43E2D2A972E4
25.00%

Kaspersky
Virus.Win32.Nimnul
25.00%

avast!
Win32:RmnDrp
25.00%

Reason Heuristics
PUP.installCore (M)
25.00%

The domain www.bundleconecptquick.com has been seen to resolve to the following 30 IP addresses.

54.230.102.232
server-54-230-102-232.iad2.r.cloudfront.net
March 4, 2016

54.192.195.152
server-54-192-195-152.iad53.r.cloudfront.net
March 3, 2016

54.192.195.131
server-54-192-195-131.iad53.r.cloudfront.net
March 3, 2016

54.192.195.82
server-54-192-195-82.iad53.r.cloudfront.net
March 3, 2016

54.192.195.54
server-54-192-195-54.iad53.r.cloudfront.net
March 3, 2016

54.192.195.200
server-54-192-195-200.iad53.r.cloudfront.net
March 3, 2016

54.230.102.115
server-54-230-102-115.iad2.r.cloudfront.net
March 2, 2016

54.230.102.88
server-54-230-102-88.iad2.r.cloudfront.net
March 2, 2016

54.230.102.31
server-54-230-102-31.iad2.r.cloudfront.net
March 2, 2016

54.230.102.22
server-54-230-102-22.iad2.r.cloudfront.net
March 2, 2016

54.230.102.245
server-54-230-102-245.iad2.r.cloudfront.net
March 2, 2016

54.230.102.220
server-54-230-102-220.iad2.r.cloudfront.net
March 2, 2016

54.230.102.209
server-54-230-102-209.iad2.r.cloudfront.net
March 2, 2016

54.230.102.175
server-54-230-102-175.iad2.r.cloudfront.net
March 2, 2016

54.240.160.127
server-54-240-160-127.iad12.r.cloudfront.net
February 29, 2016

54.240.160.99
server-54-240-160-99.iad12.r.cloudfront.net
February 29, 2016

54.240.160.24
server-54-240-160-24.iad12.r.cloudfront.net
February 29, 2016

54.240.160.239
server-54-240-160-239.iad12.r.cloudfront.net
February 29, 2016

54.240.160.206
server-54-240-160-206.iad12.r.cloudfront.net
February 29, 2016

54.240.160.164
server-54-240-160-164.iad12.r.cloudfront.net
February 29, 2016

54.240.160.153
server-54-240-160-153.iad12.r.cloudfront.net
February 29, 2016

54.240.160.136
server-54-240-160-136.iad12.r.cloudfront.net
February 29, 2016

54.192.195.149
server-54-192-195-149.iad53.r.cloudfront.net
February 26, 2016

54.192.195.94
server-54-192-195-94.iad53.r.cloudfront.net
February 26, 2016

54.192.195.20
server-54-192-195-20.iad53.r.cloudfront.net
February 26, 2016

54.192.195.19
server-54-192-195-19.iad53.r.cloudfront.net
February 26, 2016

54.192.195.219
server-54-192-195-219.iad53.r.cloudfront.net
February 26, 2016

54.192.195.197
server-54-192-195-197.iad53.r.cloudfront.net
February 26, 2016

54.192.195.194
server-54-192-195-194.iad53.r.cloudfront.net
February 26, 2016

54.192.195.183
server-54-192-195-183.iad53.r.cloudfront.net
February 26, 2016

 
Showing 30 of 30 IP Addresses

File downloads found at URLs served by www.bundleconecptquick.com.

1 / 68      (PUP)
http://www.bundleconecptquick.com/.../installer.exe  (29493d44a95efff0a6067911b050195f)

4 / 68      (Malware)
http://www.bundleconecptquick.com/.../installer.exe  (c5a65c40ea46af380aad4757d2f98e69)

9 / 68      (Malware)
http://www.bundleconecptquick.com/.../installer.exe  (c5b4565e6c8e37c46ab9e9de06144fbb)

0 / 68
http://www.bundleconecptquick.com/.../installer.exe  (a6a2fa2e0841e72e6056e71f6efc8b9e)

3 / 68      (Malware)
http://www.bundleconecptquick.com/.../installer.exe  (43e2d2a972e406b661335266c1af6e30)

The following 8 files have been seen to comunicate with www.bundleconecptquick.com in live environments.

TCP » 54.192.195.197:443
online-guardian-v2.0.9.exe

TCP » 54.192.195.94:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.94:443
online-guardian.exe

TCP » 54.192.195.197:443
online-guardian-v2.0.9.exe

TCP » 54.192.195.197:443
onlineguardian-v2.exe

TCP » 54.192.195.183:443
vosteran.exe

TCP » 54.240.160.136:80
ctfmon.exe

TCP » 54.240.160.239:80
PastaLeadsService.exe (PastaLeadsService)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.