home

www.bundlessignstag.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
bundlessignstag.com

Scanner detections:
Detections  (83% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.installCore.DarwenMa.Installer (M)
100.00%

The domain www.bundlessignstag.com has been seen to resolve to the following 8 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 15, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 15, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 20, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 20, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 20, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 20, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 20, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 20, 2016

File downloads found at URLs served by www.bundlessignstag.com.

1 / 68      (Adware)
http://www.bundlessignstag.com/c?x=ZnhNLN841V1EKv6l6t 4wSBhFlsNogs2r0ySrS0Dh5I=&c=rPMn3otX4WT0vg50gM6/ycKKwCF0lbk/P5GWGU6M 2yYesDhsBvxRxs3wZFcD4lMlcF5Tud1IUdhcC3ERntm22SCcbTqFlQKzASCRgBoKDpwPQ8TSQjhMajcMMrzAinl&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/.../index.php  (icreinstall_c.exe)

1 / 68      (Adware)
http://www.bundlessignstag.com/c?x=6t jXv1gRnRBYTOBkKkX9Yx4 70HjmKJxAsD7scy5Es=&c=EN/oIlJQcZHZZ7GyWGXMSr0i6Nh8Obn72ozRy42KyQUDHXkQQ1OQhQKWfLFoz7pjs8o4y4ba 8Z6Vsgxk4Soy1IQKvAFbFlmYbxTxcxva2NnelKsyrB3lE4EnQt1rd1y&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/.../index.php  (09bb1c267d4eb8887b7fecd234b2b1e1)

1 / 68      (Adware)
http://www.bundlessignstag.com/c?x=bPinc1kJ/25vjBNlfv/c83YXv1OIFKd6Pn5TP1dofXo=&c=awY3eFg1lVfzoa7PFLNXqrKMgZEE9oVhv3xqeBMbCSV2EIMCJ1/u5dSt3SXgGg7MXfaBrPoXA7/xZpOk/R7I49NfJ6as9n6wb5nX0UNvX/lUddqUY8EuDEfD8Td3vXgb&downloadAs=Firefox Setup.exe&fallback_url=http://www.downloadfree4.com/.../download.php  (7e8b6da4ad5f71ce3a4baf463bbaa2b1)

1 / 68      (Adware)
http://www.bundlessignstag.com/c?x=5r8qxTwAy5zKPMaUoQ953AMdqIImAaH4mNWnMvDUB0M=&c=O LUOUaU9lflBOJ4W7UsbFhIGZFRIMyOsF1EnSDdB1WJ0rrcUt/nQeDhJz9pLixEWSftEK3BnnXypareH6GM0xdms79k39svdU740Q5xaUlpTgqMRqpVOnWO6H0hzLl1&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/.../index.php  (icreinstall_c.exe)

1 / 68      (Adware)
http://www.bundlessignstag.com/c?x=CILbNFp/G1s6OfYA8Ktxxo uK07SPOdRleb7ApDD3L8=&c=CiaY5PZFphessVrfqSP 1y9Vo0YoTjpoDn0zPiCUOBGAtgF7zLFpikPJHDxAB7VtIgMbZb3EICGG5/aWs0U0lrgrdvMa0q3P28V4lMJBjx244h P6HEJf4nryYP4OGH&downloadAs=DVD Decrypter Setup.exe&fallback_url=http://www.onlyfreedownloads.com/landing/bing3/.../download.php  (3cfdcace22cf1855c71a5bbfe27b7ed3)

1 / 68      (Adware)
http://www.bundlessignstag.com/c?x=Tja3vGNYcwMQJ8HADCcfalO0qIKHD W6N73C6Hy79QM=&c=8Tyo9w 4Bhx1SfvTtnQclTFjDGek5CzHgHE7B2KDibApzCtTYlsIz3Gmf0IdXUd/2y IAXYBewiJsNBtk5JO1b67mTYl1 tK1ZVayPsbuhKKeZZ71FTo0YSnVvcIZoFM&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/.../index.php  (icreinstall_c.exe)

0 / 68
http://www.bundlessignstag.com/WVl6OTRQV1pLVlROaFpTVXlRaVV5Um10U05IQXpiR3RaZFU1MmRXeDJPRUpUY2toNVJFaFJPVXRQV2tGT1NWSWxNa1pYUmxrbE0wUW1ZejFxUm14QmMzTTJTWEE1YTJKR2VXeEZjMFZuUzFVeWFrVk9KVEpDYkUwd1YxQldjbU15YVVoMFEyeExjQ1V5UW1Gc1ZuSnRhVXhwV0ZsVWFuaFVPVGgyVTNaYVJYaFBabWRoVFZoS2NWbzFKVEpDVVhwSFMyUkZiRWRGZHpCV2J6Um1kMHRqTjFVeVMxaDVNV0p0VDFOR1lYZDZaM2h5VERWMUpUSkNka3N3VVdwa01FeE5kemhpSm1SdmQyNXNiMkZrUVhNOVUzQnZkR2xtZVM1bGVHVT0=  (spotify.zip)

1 / 68      (Adware)
http://www.bundlessignstag.com/.../rw7&downloadAs=TeamViewer.exe  (8db3ba3f68997623cff51844535c33ec)

The following 6 files have been seen to comunicate with www.bundlessignstag.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.