home

www.quickdownloadbundle.com

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
quickdownloadbundle.com

Scanner detections:
Detections  (75% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallCore.iLightMe.Installer (M), PUP.InstallCore.RE11 (M), PUP.InstallCore.EST (M)
75.00%

Microsoft Security Essentials
Worm:Win32/NeksMiner.A
25.00%

F-Secure
Application:W32/Generic.70053c248f!Online
25.00%

Dr.Web
Adware.InstallCore.669
25.00%

ESET NOD32
Win32/InstallCore.ACY.gen potentially unwanted application
25.00%

The domain www.quickdownloadbundle.com has been seen to resolve to the following 10 IP addresses.

52.25.41.73
ec2-52-25-41-73.us-west-2.compute.amazonaws.com
May 20, 2016

52.24.26.116
ec2-52-24-26-116.us-west-2.compute.amazonaws.com
May 20, 2016

54.191.37.5
ec2-54-191-37-5.us-west-2.compute.amazonaws.com
April 18, 2016

54.148.57.212
ec2-54-148-57-212.us-west-2.compute.amazonaws.com
April 18, 2016

54.69.198.37
ec2-54-69-198-37.us-west-2.compute.amazonaws.com
April 18, 2016

54.69.11.66
ec2-54-69-11-66.us-west-2.compute.amazonaws.com
April 18, 2016

52.88.159.85
ec2-52-88-159-85.us-west-2.compute.amazonaws.com
April 18, 2016

52.35.10.15
ec2-52-35-10-15.us-west-2.compute.amazonaws.com
April 18, 2016

52.34.170.106
ec2-52-34-170-106.us-west-2.compute.amazonaws.com
April 18, 2016

52.26.95.11
ec2-52-26-95-11.us-west-2.compute.amazonaws.com
April 18, 2016

File downloads found at URLs served by www.quickdownloadbundle.com.

2 / 68      (false positives)
http://www.quickdownloadbundle.com/c?x=F0IgiEgYKI2g9vLh0pDbk9ns9vluYxZ0p2UXF5gpsIg=&c=vnPxhPnknZg4FUoL/1DZB0VXfIAA KXC1d5lmttgWHHWcsbcjGqDdXKH/oucYKmbSkBF1tVbav/G1hPoB4lRfHV uKOk244MI6JgUmBxFs4DCh8cTEo6xG/5QxwN67hz&downloadAs=flashplayer-win10&fallback_url=http://.../flashplayer19ax_ra_install.exe  (wrar420.exe)

1 / 68      (PUP)
http://www.quickdownloadbundle.com/WVl6OTRQWEZJSlRKR04zRjBTMUEzT0Rkd1NURnlhblZ0WVV4MmJHOWFPRTFRUTNOVloxUkdUSFJtZEVreWVFWkxWU1V6UkNaalBUbEtTalZYUkZoVlQyOWpjVXBZVkVwSGJHSkNOa1UwTWs1RmFWUnplSHAxTkZKR1UwdEthV1JxUWtaVU5WYzNRM0pEWTJSV1VHcDVVa3RwZGtaRmJIQk1aRTl1VTBsTVRVRmhObGMyWldwc1JtTjBTbXRsVDI5RFRUWllOalZSWlZOSE0yMTRNamRQU0hCdVZTVXlSbEJxYWtwUWVGaGpSVzFuWTFaUlVsWXdiM1l6Y1ZCM2FIZEVlVzFRZUVSWVpuSXpVQ1V5Um01VGFIY2xNMFFsTTBRbVpUMHdKbVJ2ZDI1c2IyRmtRWE05ZFZSdmNuSmxiblF1WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2QybHVaRzkzY3pFd2NHOXlkR0ZzTG1OdmJTVXlSbVJoZEdFbE1rWmtiM2R1Ykc5aFpDMTFkRzl5Y21WdWRDVXlSbWx1YzNSaGJHeGxjaVV5Um5WVWIzSnlaVzUwTG1WNFpRPT0=  (utorrent.exe)

3 / 68      (PUP)
http://www.quickdownloadbundle.com/c?x=Qj Mp/VvfKYigE0IpmzmjO/LzKKwDpcxfaMfS5nJU0s=&c=BabcUSIMPbd8S3aqoAIK44k9rjYdMQtCFUyTl32qLbjZ3bzWUScfT2hAYg1naYVCCZQDXFYCPeF0n4iEkPpj4x1t5N0vD2nAXQGLuvJcYBRxMyhwx0AVkAp25kxe5/Iwm/sR23nJ3gI9UQz9PLoWfZ2m3qWASq16QDytuX2s20QAlu0vhUOpN0IgNLB 7uZW&e=0&downloadAs=sogou-pinyin-62d.exe&fallback_url=http://qpdownload.com/data/sogou-pinyin/.../sogou-pinyin-62d.exe  (dd0f440a5f93ed15baaf861be453cc8f)

1 / 68      (PUP)
http://www.quickdownloadbundle.com/c?x=r37ko1qG7L5mB//Tvqkji61/UH1wtajC9H ojx/DeyI=&c=GfxP3a4N1Zw9KbCwBpU9iC86yqceLxDqxH7/nB/zt6ZMpsr39HZHwlg7cYgkNty /eF2JMBM9zz9M/oCHHpZxEhfzdp0qUswkbsi/ZLwzruVD3VR7/iVYu/Qn gOFmLhTZ aqRWa0XmCI7P6K6 vrpH4FAU0fPMFU2xPeFSdMopShsm81wGPCLloAnJOpMbA&e=0&downloadAs=setup.exe&fallback_url=http://qpdownload.com/data/paltalk/.../pal-install-r86012.exe  (fd740d2a5f39674a3e44fa26f3c72cb2)

The following 6 files have been seen to comunicate with www.quickdownloadbundle.com in live environments.

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.