home

www.filesbundleshare.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
filesbundleshare.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.Installer.Installer (M), PUP.InstallCore.FC.Installer (M)
100.00%

The domain www.filesbundleshare.com has been seen to resolve to the following 10 IP addresses.

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
May 21, 2016

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 21, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 21, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
May 21, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 10, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 10, 2016

52.25.23.136
ec2-52-25-23-136.us-west-2.compute.amazonaws.com
April 10, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 10, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 10, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 10, 2016

File downloads found at URLs served by www.filesbundleshare.com.

1 / 68      (Adware)
http://www.filesbundleshare.com/c?x=/4RJ9OVJtYsQl2g1yIHn9QOrF/cggKcJhT2yQsAZ f8=&c=Y6/Cj DP9htbwUJ6lVWUz OCsRUg8xu1UL7kNyHsVkhFxW2tpRNT8OcZ8iiYZ05NE7L8Hvn AfTtUyXbYJ6HP 1nGE3VUFB/P0KM8jxMsN4ROinszKUgJpnDFV1Ey c6g8tG0Jlpp9XxcLfzIq4o4VBLxOWahSPKaMMEQ0Dz/hrm80eRxn2rdC HbSbDyLCP&downloadAs=mortal_kombat_4.exe&fallback_url=http://gamefabrique.com/dl/.../mortal_kombat_4.exe  (c.exe)

1 / 68      (Adware)
http://www.filesbundleshare.com/c?x=s/9nKLdNK6tRSxaIljRQTPAJE/po6FhX LeGtxiXW U=&c=qu/1 xK1jYjj9J6zMGwx1pbV8SZLyp/rOfabVmL91atfYlSX1fnZ0bPZY69u7tGvOQKOBtxnmDtselwEZfG4MWeLHpLNvSWduSecCJ5wqYiKjAuuBnBPg3T Hi8zxiJW0JV9mO1N3LTwQsDSX tKlfte8n9PJ3ILRk9QVafUoV/cC4GwVI OUjdGNMKVuRP2&downloadAs=super_mario_bros.exe&fallback_url=http://gamefabrique.com/dl/.../super_mario_bros.exe  (icreinstall_super_mario_bros.exe)

1 / 68      (Adware)
http://www.filesbundleshare.com/c?x=O0pBcU9Y71qqu5bt3JunH8gko2RSsRftzO48s0ZXZpk=&c=tMdIRnp0l X KlSRkltZnTiSvcylTgIcRqzuO3sTqXukJuL1PtoLD5S6TMwqlfAyzDJLoncIGbRDctZPf56rAtuU49r/kfXZVR3/RvDXo59bJMM0cMa 1f RcNle3r4&downloadAs=aladdin.exe&fallback_url=http://gamefabrique.com/dl/.../aladdin.exe  (icreinstall_aladdin.exe)

1 / 68      (Adware)
http://www.filesbundleshare.com/c?x=r1hbNmdy3l0K3mGAzo5n3UlfMxskLB8whnU3 P4c5G8=&c=MCLKWO1zp9WR4Zq kM 91qQvnazQg52JnaAz9LwUWUxbLiUwI6Ar1QRZfNKXWchvPzqPaLPrkrZ0hy3iFAyso9y3/VJly4jfeU7FM Mfp6wN0Ooxz6RKrFClAiAI1PyqZsd0uOPqHz3gsliF0pTHOFmDfKJxGV5wL6YV/oEhA84UugEdeec8Y48H0HaQQ4j8&downloadAs=goof_troop.exe&fallback_url=http://gamefabrique.com/dl/.../goof_troop.exe  (88d5bce228a9f90c8db15b987c5f765e)

The following 6 files have been seen to comunicate with www.filesbundleshare.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.