home

www.chucklegrabbinaries.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
chucklegrabbinaries.com

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Bundler (M), PUP.installCore.BeijingQingchuanglianxiangTechnologyCo.Installer (M), PUP.InstallCore.Fukupef.Installer.Meta (M)
100.00%

K7 AntiVirus
Unwanted-Program
33.33%

ESET NOD32
Win32/InstallCore.ADX.gen potentially unwanted (variant)
33.33%

The domain www.chucklegrabbinaries.com has been seen to resolve to the following 11 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 16, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 16, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 15, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 15, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 15, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 14, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 14, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 14, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 14, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 14, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 14, 2016

File downloads found at URLs served by www.chucklegrabbinaries.com.

1 / 68      (PUP)
http://www.chucklegrabbinaries.com/c?x=cDgOclQkAVhvr3rIGDPvnMdsCQ5T7b7rEShoPMIzVXw=&c=j3ElHS Sj9C A8uNOGyfm6jLa3uHp07dt8U6KRvh1HX59IvE6kuEhd/otX8AoZ4KYCa/8Mea7qU3YuyGK1YM2qbjdxXbap0MEI/8rSVim XBI2J8T8 Tf/tba/20VcVB&downloadAs=PDFtoWordFree.exe&fallback_url=http://.../  (6febc0cfaa7a897b3934cedb0176509d)

1 / 68      (PUP)
http://www.chucklegrabbinaries.com/c?x=VeFb79/cdTn a/1HnIexV4wxt pQaOYGh7aqAQUYd6w=&c=lXwyTFSEyndn9l2EWYbcBKQCOYaFeAieSIYAA eJm3g/ VapO2h7d7Gd3wOrEtn6Hq8iEeYZyUJrDKuSC7bu9DNBJ5Gs/ZqF6MH8mXkSddDHDac06VNuYwVQtYqVxIK&downloadAs=FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter.exe&fallback_url=http://www.downloadonic.com/freeaudiovideosoft.com/.../FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter_IS.exe  (8a44808fb0f64617f71d3861c0bb474d)

0 / 68
http://www.chucklegrabbinaries.com/WVl6OTRQVTFhYldWU1dVRTBjRU5OYXpocVNIZHlUSFp2YkVodmNEbE1WMmw1ZUVscFNEVkljU1V5Ums4eFVsSnlRU1V6UkNaalBXUXdjMlJhWjNWSWMzUnNhbXhtYkhsVk9VTjFiVnBWV0RWV1drMXhXVEUyY1Rsa1pVcHpjVXhFZEV4WFZsaE9RbUkyZFRJMFJVcE1ObU5ZYldoSVIwOVFibWRwUkhwdWIwNWxTVk41TjFnMk1rSkRNVFZNTURSTWJrNW5iWE5tVFZWTGRETlBUMHBxU0Vwb1UzZFJNVk40ZEhKRGVtbzNaM0JKUjNSSloyTlVKbVJ2ZDI1c2IyRmtRWE05Um5KbFpWTm9iM0owWTNWMFVtVnRiM1psY2k1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWjNkM2N1Wkc5M2JteHZZV1J2Ym1sakxtTnZiU1V5Um5Ob2IzSjBZM1YwY21WdGIzWmxjaTVqYjIwbE1rWm1hV3hsYzJSdmQyNXNiMkZrSlRKR1JuSmxaVk5vYjNKMFkzVjBVbVZ0YjNabGNsOUpVeTVsZUdVPQ==  (freeshortcutremover.zip)

1 / 68      (PUP)
http://www.chucklegrabbinaries.com/c?x=s6J xRt/agMzc5qd6YPenPgA5x2JHmdz17IBmBqKEjE=&c=De/P/il7O8dbYvxYEcNV0bIhCGvibUsMfWXE7j5yAIgiCBrpYNBB Skjag7vKm736zXvpVApfyZguPb4YGJKavQElWAAx 1JoBoojdkn9WmMzCmn RaU47gQeRnzy7YW&downloadAs=FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter.exe&fallback_url=http://www.downloadonic.com/freeaudiovideosoft.com/.../FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter_IS.exe  (8a44808fb0f64617f71d3861c0bb474d)

3 / 68      (PUP)
http://www.chucklegrabbinaries.com/c?x=G5IqNoXuSV1BSYRbnu2S71t7KN24Noho6bXVqmBiJwQ=&c=yV/ z/3u8dHjYB1QSrKX0a4MUCxbfQ 5phVJ72MJHLHAOWnAalDoGXpCfbexfPvR2iZukHoe4La/0gVyPTxectKkthR LE6y YkKruIrCV9orc1ctCUeeVTmwyo3etUA&downloadAs=FreeAudioEditor.exe&fallback_url=http://www.downloadonic.com/free-audio-editor.com/.../FreeAudioEditor_IS.exe  (093b5274b8b4e1455ba4bb69d0063afb)

The following 6 files have been seen to comunicate with www.chucklegrabbinaries.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.