home

www.citypresentbulk.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
citypresentbulk.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.RES (M), PUP.installCore.BeijingQingchuanglianxiangTechnologyCo.Installer (M), PUP.InstallCore.AGORASA.Installer (M), PUP.InstallCore (M)
100.00%

Microsoft Security Essentials
Threat.Undefined
5.88%

Dr.Web
Trojan.InstallCore.1411
5.88%

The domain www.citypresentbulk.com has been seen to resolve to the following 21 IP addresses.

54.200.224.121
ec2-54-200-224-121.us-west-2.compute.amazonaws.com
July 18, 2016

54.148.183.210
ec2-54-148-183-210.us-west-2.compute.amazonaws.com
July 18, 2016

54.191.246.249
ec2-54-191-246-249.us-west-2.compute.amazonaws.com
July 2, 2016

54.149.195.20
ec2-54-149-195-20.us-west-2.compute.amazonaws.com
July 2, 2016

52.41.114.34
ec2-52-41-114-34.us-west-2.compute.amazonaws.com
July 2, 2016

52.33.46.229
ec2-52-33-46-229.us-west-2.compute.amazonaws.com
June 18, 2016

54.200.103.60
ec2-54-200-103-60.us-west-2.compute.amazonaws.com
June 18, 2016

54.148.209.28
ec2-54-148-209-28.us-west-2.compute.amazonaws.com
June 18, 2016

52.38.209.219
ec2-52-38-209-219.us-west-2.compute.amazonaws.com
June 7, 2016

52.33.165.25
ec2-52-33-165-25.us-west-2.compute.amazonaws.com
June 7, 2016

52.32.12.104
ec2-52-32-12-104.us-west-2.compute.amazonaws.com
June 7, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 23, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 23, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 23, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 23, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
February 23, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
February 23, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
February 23, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
February 23, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
February 23, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
February 23, 2016

File downloads found at URLs served by www.citypresentbulk.com.

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=7hmNttxkoJ3k pu67HWKEnX8GHf05ZgWx9xdux2CmdU=&c=7pXuzMvkAs7d/wtmJ0KTddEZv 6fRqkP5BpCnUeK8X4z/ZCUdClCskOwmswhIEH1Bo0Cen1B26 5fnV2BsGy/i7ylfD6mk7iHs8RMwvjreqU2cuuI1h8F2qpWes7C9W5w1/Jn6QzekKoVQXjImHi2w==&e=0&fallback_url=http://bi.sciagnij.pl/0/.../Transmission_Qt_2.84_x86_32_installer.exe&downloadAs=installer_Transmission_sciagnij.exe  (ff0515599a7ee4c63069c27c2db42513)

3 / 68      (PUP)
http://www.citypresentbulk.com/c?x=PdtMcTUU4XB9bWgUCkJgx6JmF42cfz7H8SBfyKjQQ4Y=&c=nuJ2fGZaA1oZ4bGZUl9lOlu12JolkEfCz G0Cd4sm27OkKO F4TGNESYLPg3fytfOJrc6FEhTpFgjZJbSMDdZS oOYeFqEWehw7CSLoUSS1RjNuebCKWsMJRTWTH9xi2AZq P96PKatKNdmshRkBaQ==&e=0&fallback_url=https://products.office.com/.../try&downloadAs=installer_Microsoft_Word_sciagnij.exe  (7f54be3d0f87fefd9605d99517343080)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=zVm CGqcMCu3VCy65MO9TTRq9o3ctswlRVci47HMetU=&c=kGeWgbF5mDeNGSUL8hOtce76CpsWZyMjY5z2mkRYEEdmNlhRVk80pdUBzLDFuSzX09YliGa1Khld7Poshbql0jxcoca03gSSgo/8Ibc8F0QM0YlcMgaT8rvg3lX4IAo5RPEIBocucmn2bnfIoJ1Wyg==&e=0&fallback_url=http://bi.sciagnij.pl/0/.../paint.net.4.0.9.install.zip&downloadAs=installer_Paint.NET_sciagnij.exe  (a815ea52ce1b56e6b1643ad7a1f57200)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=/y/ 6PfjmDmFcqFiAOxLCCYoW1pCSn5JMXaN WFSxq4=&c=crESnqMkkBvJHqNc6lq24gsLFFuy2dp7bpStpfJl4/AtW4LftTe09hAHpf9TVQ/7PFHLmomUWpjAqm1JYRl5/OVq 94wOozl/8tOfDEdk5qoxDc3Y8ROYxeMIcOUHSws9lF7iO 36hgTpTeCcDZFMg==&e=0&fallback_url=http://www.fileplanet.com/59831/.../Real-War-Demo&downloadAs=installer_Real_War_sciagnij.exe  (968b9bc179782df64c313efcd143e94d)

3 / 68      (PUP)
http://www.citypresentbulk.com/c?x=mElpIZX4z GPyUNMkcDATVZirppPTUsk8zLBKFjUVjc=&c=PYq2j3K8mCFG0rzaunYcaVhEZQNHHpCpg3qztiGY7BEAkcixvHyIUE0CzqTKSvoJU9v0P7cTPcCQqh pcUK8aRz2XnhMpn9J5glqjSL84JrfAJOxLd7oTXpzxNYpJ4knUvA7i5OwX7bp298AJt/00g==&e=0&fallback_url=https://products.office.com/.../try&downloadAs=installer_Microsoft_Word_sciagnij.exe  (7f54be3d0f87fefd9605d99517343080)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=uCqkiYefgEyTniXwUAofnBw5CthlXIm/IF9JOo zUWY=&c=bYbhrgM4o9sqesaDiZ6uoyrtymjdICGfTEVMCYdOl7/5DvZI1H/LhGIj5 8eClKSq4JYXAnkE//RM699sGXpDJRjO QDrpuNS4DNhAi9phU4u8fFIRghCHzQngbrx3gBTcceHruEwMHbDhOzPwEz3A==&e=0&fallback_url=http://bi.sciagnij.pl/0/.../Nero2015_setup-16.0.05000_3p_trial.exe&downloadAs=installer_Nero_7_sciagnij.exe  (e772c5c9e0608b97622eb77d94689c35)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=HvNbqtns5HsG 7LC88 K1R8xhje3DJLrfed004J9TtI=&c=NDxpC0Q2A7mwQ7quyDdKPAVrNytQyz6zORtYY4lfH9oLVvyod9b1ZeyC98kH677XqGVNEdoFJGVSHl0CcPuTPQ15eBZbSi/yeRagieJiMusc0JdXedNFDse54/SbBsI4jR25bStu7ZupXgiuDunp2A==&e=0&fallback_url=http://www.download.cenega.pl/.../?ID=674&downloadAs=installer_Codename:_Panzers_-_Phase_One_sciagnij.exe  (installer_codename-_panzers_-_phase_one_sciagnij.exe)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=QUbfafiVKY7ezK6eJOdN0TaArvXGXsqw4ZOUz0SsErs=&c=N mgc2riujKn8/gmYe7GWd2T xuC7XRTBUJe05m9khLO/fUkC 5JXykJMk18bFiXK/DlymTE/6GT2QRPtP7DgZf3xvAEc28ffI/eofi3bwASD1IsZpAfDU6tTx0Usn/sCI/pBPnkJso8mDmNptzznw==&e=0&fallback_url=https://chrome.google.com/webstore/detail/.../gighmmpiobklfepjocnamgkkbiglidom?hl=pl&downloadAs=installer_AdBlock_dla_Chrome_sciagnij.exe  (1fd1ba84be8e35949bc3aad09e6ec3e1)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=WfZ6zNKZnhj3rAR9ujwlvJQHBmu/S7cf6DiTm9ckXMQ=&c=ZGm2oxqsDptBSoxwxPTjvFY6529PzfhXLnrOzlt1fh29tg5We4M 4LPTt2u6IflhmEQa gUc2s06izJsX5oIPYn4dFdVhuJVi29dO9fkouvhfwvYz3JXrmazRIB2CVvd2rrqx9pfhVZdO2EngwAGQA==&e=0&fallback_url=http://bi.sciagnij.pl/0/gry/n/.../nfsmwdemo.zip&downloadAs=installer_Need_for_Speed:_Most_Wanted_sciagnij.exe  (installer_need_for_speed-_most_wanted_sciagnij.exe)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=BmfT/NlJwndRapXUmdkjWva2Tci2NpstRd3LOKRVf3M=&c=6dYHVMdwAYTNTWFGVfW6Pv92fbHT4BZabNeWF EWZyiubfm1PO7ucjul0GfVTIhlTvam5kwOB0IEZMFKMMoG94IZpEsFNV9Etmv4/OkYciC6V41yWCc2cQVVGJ5CF IcTJ5kLMt3a0pub1PAfuf1Zg==&e=0&fallback_url=http://bi.sciagnij.pl/0/.../Instaluj_PIT_Format_2015.exe&downloadAs=installer_PIT_Format_sciagnij.exe  (dca3f1ca18219cb67586d1efaf4df2a1)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=AOA Y7Kq0VPm5hXqwAAi6OrIekC8gYn01a2qpG4eGMk=&c=QyOvFXGfI3lxZvo/BKmcCnQ57SUu/ccRx1DGYr35NgoU7MKbEDnVmx14bI0Utd0vZI5NGc0W2vvNOr1TevBB09iCt3ho7L GSoStSd8S7ipzYWBq6kBIbglUTG4xvk74xvc5SM2ykkuTPPTgz3HWqg==&e=0&fallback_url=http://bi.sciagnij.pl/0/.../zyczu-mc.zip&downloadAs=installer_Minecraft_Launcher_by_Zyczu_sciagnij.exe  (icreinstall_installer_minecraft_launcher_by_zyczu_sciagnij.exe)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=vGUed5CwKX5W7yw1a0DCgcY67Q/55M/2ocyZowMAQR8=&c=kUxBOzpSCWDc8usXYfo6nr9QllB8Oz7hW4FjR7paf6Q7QQO8pAW63b3SSjNGMqMYodt jPNsArvVW6uCT38SxK44ylAw bZAFUeRfPaC oGuhtUjcR19HlLsarEgb6uWIw9ygRiGAmFvPLbzxDavXg==&e=0&fallback_url=http://bi.sciagnij.pl/0/.../Metro_2033_Language_patch.exe&downloadAs=installer_Metro_2033_spolszczenie_sciagnij.exe  (8d51c7b7fdfe9261f1c12b6b17d0679e)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=K1Gkd80DvCpxsBo0q0DbbdY5vhAnnMrYbRH3OPFtm2w=&c=iP ls3qEfHQqsbVwzHI8B4iI2c59JRhsI4pN8j1nd/QXIHnv39LWVO4L0hw8BENti2rTonT0wU4L1L Qgdot5uiMi 1yqgPRH5 xuO0ZmXfN/Eag1f1ujQZ9eecf8c 1&fallback_url=http://bi.sciagnij.pl/0/.../310073-instalator_sciagnij.exe&downloadAs=installer_PDF_Stamper_sciagnij.exe  (a6bb85d0da6028711ab825fa01667f74)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=LrUB6erOlbLLmtycqBWICA9b9IEv7hrP9zoo28GGUUA=&c=AVUO3Xr8quc0NFeAT5VBTapPciihVH1EaDrw3h83 7xX5EgQtDxjT5fp6Dg7XuzUfvJazWFOgay3jzUG7xHateC/H/0ZiNHd8GLMmG/wmRH8GBqIwDNSy39hr/9pj92XPbVRyP0wsBP4eNRcsbDmYw==&e=0&fallback_url=http://bi.sciagnij.pl/.../0/fallout_spolszczenie.zip&downloadAs=installer_Fallout_spolszczenie_sciagnij.exe  (3f27834d1f6256684ab0c39c536ad9bb)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=tr8bcQxRvlXIhEFOeslpH7iRtT q5bcglZfMWHsUAsU=&c=mDFD44fQb0WmFOjxYMHNoPPVFywN nEfSJuR2aEojHxJii3 H0W5arrwwL6BFAcdbTmy61jRwr16qg/lj WxaSDhcPo8LZjiVqyBetKEzlPYHzV703cuLZVyfUqvsSz7xAY1jPE276O KxlXJuqaxQ==&e=0&fallback_url=http://bi.sciagnij.pl/0/gry/t/.../titan_quest_demo.zip&downloadAs=installer_Titan_Quest_sciagnij.exe  (944727772e059139173af36bc195fbc7)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=YsPLgLfPARYZLaon5ffGsi3S4NvWmvSUNESC/SeZg9Y=&c=9Hc9vfuGQtH01IRjmyHTidut6uGQWeS6FOtvL93tNrJTaE4/q1Anew1GgK1wjgsIeCVrsM5Gr5HbSxKfan 98s2fbLl4Atw4u4Mczr/YuNZs1k0y/Vm4K pS5kn9WpiSkhUs uYsJqc0YxMM/SfCIQ==&e=0&fallback_url=http://www.portal24h.pl/pobierz/pobieranie/.../1379-sins-of-a-solar-empire-rebellion.html?chk=f6f92c420503e80c0c70193bb052a5c3&no_html=1&downloadAs=installer_Sins_of_a_Solar_Empire:_Rebellion_spolszczenie_sciagnij.exe  (installer_sins_of_a_solar_empire-_rebellion_spolszczenie_sciagnij.exe)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=dmxJ3QzcVzY 51Uk5l4OdOyi3yEIDuFPZJJGHh3g2SE=&c=zyrIJlECNBe0xsI KFGKZ33yJmuWxEV5o8MUMFiO8 fIr9EiBh63KRhbSKCNcY3o9tkT0i8GQgkqNU4/rG4N6xJik6YoSPeOEnXdmvl0okwu1wyvB0RYGy1BcKRkstPW&downloadAs=FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter.exe&fallback_url=http://www.downloadonic.com/freeaudiovideosoft.com/.../FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter_IS.exe  (8a44808fb0f64617f71d3861c0bb474d)

1 / 68      (PUP)
http://www.citypresentbulk.com/c?x=f2slcWoDvZ4yL52IMWOVuGeZl7nV8r3MntoqPL2fh5Y=&c=MIvSQ9xQDRdC6rNDH tyeKlhOdE2 QFpt07cFVsuuUWRloHCbBGslSFFOpEghnZWo95ZkAfneGIp6rgah05mk/H02rGEGnDpWO5aBpsv9/7Ms3 sJ5vuwgmzR/8ymBSoembQ8tAaLdhBE/MZ p5jng5I/aQ9uo gw87QZ5gNDw8=&downloadAs=FreeWiFiHotspot.exe&fallback_url=http://www.downloadonic.com/free-wifi-hotspot.com/.../FreeWiFiHotspot_IS.exe  (setup.exe)

The following 36 files have been seen to comunicate with www.citypresentbulk.com in live environments.

TCP » 52.38.209.219:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.33.46.229:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.33.46.229:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.38.209.219:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.38.209.219:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 54.200.224.121:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 52.38.209.219:80
browser.exe (Browser)

TCP » 52.33.46.229:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 54.200.224.121:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.200.224.121:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 54.200.224.121:80
browser.exe (Browser)

TCP » 52.33.46.229:80
Client.exe

TCP » 54.200.224.121:80
kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.33.46.229:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.33.46.229:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 77 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.