home

www.bundledownloadsfarm.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
bundledownloadsfarm.com

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M)
100.00%

The domain www.bundledownloadsfarm.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 15, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 15, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 18, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 18, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 11, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 11, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 11, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 11, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 11, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 11, 2016

File downloads found at URLs served by www.bundledownloadsfarm.com.

1 / 68      (Adware)
http://www.bundledownloadsfarm.com/c?x=2ftKKKiq0ayA v5P4OFuiy/Ckj1ykeQg4QO2cd0JoAk=&c=CkXxojAOZbfG3G3fSkn6puPnDn9JJDjtAsIjfPYqp0ItY7qaadXtDw U0bphOwXilevoLYn b/S JMyBl8SHTpIGi 8k1By2I a20BYXeodtlXRK7CaU8wz89BXDFhdy&downloadAs=Boleto-Expresso_2027.exe&fallback_url=http://www.neointerativa.com/_home/download/.../BoletoV20R27_Demo.exe  (6710d8dcf0d19b6ba380f22b88d9575f)

1 / 68      (Adware)
http://www.bundledownloadsfarm.com/c?x=S Eu480AnnoFUF6kSz1fuAJ7SdodLCHXfqq/4m1lYxE=&c=KXTaMTioNhv2BeyeHmjE8hF7QC6Kl6qrff0Wsf9/HkN4oKSOA9ZyTokgDzxAFYph3gpb5GfbfZVBHTD3ff61sp5YgYLAv0eu2zMDaGccsfHBDZVQaAEM3voB44Ih1YbN&downloadAs=HP-Photosmart-C3180-Driver_6106324700.exe&fallback_url=http://files.ultradownloads.com.br/.../266364-HP_Vista_MFP_Ph1.exe  (2140e5ccb91039ae6ae3d12bb6b4831b)

1 / 68      (Adware)
http://www.bundledownloadsfarm.com/c?x=9SRyJiC1PIn1FEVonny1TzsHoxBtSx0Zs220IB6q26s=&c=2S93EnL2SN/SO5rx8ODxvtW04yO1563p0HCzX8mX2y3TEsz1mPm32fouLUGTDXc60Fmmbsh9UTQt6GakAYOVtyrHIIB8IkC8L2t8CJeBJ3/Mg/ mDbA4PHr2ILyddDAG&downloadAs=Mamae-Que-Nos-Faz.zip&fallback_url=http://www.sofontes.com.br/files/.../Mamae-Que-Nos-Faz.zip  (setup.exe)

0 / 68
http://www.bundledownloadsfarm.com/c?x=sX3Vr4HDokHGy8hPvVKDyMyvk04E/LRg2C0lNxIKs6c=&c=LMyd5w qy1rBLHlNxASSDvjoBLvV155jcMN u5lTN4tVELoprmoyUv2i//KId5VITgj5c HcwG/h81P5xv92fPVpH8UKhvUc1P2E X7AyIY3UNuVIbWi6iGfFPj TtNx&downloadAs=David-Copperfield.pdf&fallback_url=http://files.ultradownloads.com.br/.../278146-David-Copperfield.pdf  (david-copperfield.zip)

The following 6 files have been seen to comunicate with www.bundledownloadsfarm.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.