www.giftbundlesign.com
Domain Information
Server location: Oregon, United States (US)
ASN: AS16509 AMAZON-02 - Amazon.com, Inc., US
Root domain: giftbundlesign.com
Analysis
Scanner detections:
Detections (86% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.installCore.GERYONADS.Installer (M) | 100.00%
Malwarebytes | PUP.Optional.InstallCore | 50.00%
VIPRE Antivirus | InstallCore | 50.00%
Sophos | Install Core Click run software (PUA), PUA.Install Core Click run software | 50.00%
Dr.Web | Trojan.InstallCore.1027 | 50.00%
AVG | Generic | 50.00%
Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen, HEUR/QVM06.1.Malware.Gen | 50.00%
K7 AntiVirus | Adware | 33.33%
ESET NOD32 | Win32/InstallCore.ADV.gen potentially unwanted application | 33.33%
Avira AntiVirus | PUA/InstallCore.A.65 | 33.33%
Vba32 AntiVirus | SScope.Malware-Cryptor.InstallCore | 33.33%
McAfee | Artemis!9A826135A3B7 | 16.67%
ESET NOD32 | Win32/InstallCore.ACP.gen potentially unwanted (variant) | 16.67%
Baidu Antivirus | Adware.Win32.InstallCore | 16.67%
IP Addresses
The domain www.giftbundlesign.com has been seen to resolve to the following 15 IP addresses.
Downloads
File downloads found at URLs served by www.giftbundlesign.com.
Network Communications
The following 23 files have been seen to communicate with www.giftbundlesign.com in live environments.
TCP » 52.38.209.219:80  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.33.46.229:80  UCBrowser.exe (UC Browser by UCWeb)
TCP » 52.33.46.229:80  browserairexec.exe (BrowserAir by Goobzo)
TCP » 52.38.209.219:80  UCBrowser.exe (UC Browser by UCWeb)
TCP » 52.38.209.219:80  browserairexec.exe (BrowserAir by Goobzo)
TCP » 52.24.26.116:443  online-guardian-v2.0.9.exe
TCP » 52.24.26.116:443  online-guardian-v2.0.9.exe
TCP » 52.38.209.219:80  browser.exe (Browser)
TCP » 52.33.46.229:80  citrio.exe (Citrio by CatalinaGroup)
TCP » 52.33.46.229:80  Client.exe
TCP » 52.24.26.116:443  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443  036629fbd4864725737a8ba8fe7e8cd6.exe
TCP » 52.33.46.229:80  ShopAtHome_BAC_Service.exe (by ShopAtHome.com)
TCP » 52.33.46.229:80  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.33.46.229:80  browserair.exe (BrowserAir by Goobzo)
TCP » 52.38.209.219:80  3.9.0.128_20140916045038.exe (The KMPlayer by PandoraTV)
TCP » 52.38.209.219:80  e5be.tmp
TCP » 52.24.26.116:443  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443  Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))
TCP » 52.38.209.219:80  client.exe
Latest 20 of 59 files