cdn.bubbledock.com

Nosibay

Domain Information

The domain cdn.bubbledock.com registered by Nosibay was initially registered in February of 2008 through OVH. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
OVH

Server location:
Virginia, United States (US)

Create date:
Friday, February 08, 2008

Expires date:
Wednesday, February 08, 2017

Updated date:
Monday, January 18, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.SIENSA.M, PUP.Installer.SIENSA.V, PUP.Installer.NOSIBAY.Y, PUP.DealPly.I, PUP.DealPly.H, PUP.Installer.NOSIBAY.DD, PUP.Installer.NOSIBAY.S, PUP.NOSIBAY.Installer (M), PUP.Nosibay.Optional.Installer.Meta (M), PUP.BanyanTreeTechnology (M), PUP.50OnRed.Innovati.Installer (M)
100.00%

VIPRE Antivirus
Iminent, BubbleDock, Adware.DealPly, Trojan.Win32.Generic, Threat.4791953, Trojan.Win32.Generic!SB.0
63.27%

Malwarebytes
PUP.Optional.Iminent.A, PUP.Optional.BubbleDock.A, PUP.DealPly, PUP.Optional.DealPly.A, PUP.Optional.Nosibay.A
55.10%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Trojan.MSIL.Zapchast, AdWare.Agent
55.10%

Trend Micro House Call
TROJ_GEN.R047H05I913, TROJ_GEN.F47V1207, TROJ_GEN.F47V0818, TROJ_GEN.F47V1113, TROJ_GEN.R0CBOH0JC13, TROJ_GEN.F47V1218, TROJ_GEN.F47V0418, TROJ_GEN.F47V0724
42.86%

Dr.Web
Adware.Downware.1460, Adware.BGuard.13, Adware.Shopper.328, Adware.Downware.5766, Adware.Downware.9155, Adware.Downware.10519, Adware.Downware.9155
26.53%

ESET NOD32
Win32/DealPly, Win32/BubbleDock, Win32/BubbleDock.A potentially unwanted
26.53%

Rising Antivirus
Trojan.Win32.Generic.14C6884E, PE:Malware.XPACK/RDM!5.1, NS:Malware.Install!1.9F62, NS:Malware.Install!1.9F21
24.49%

McAfee
Artemis!D8329A33486C, Artemis!0DBC7B4EC641, Artemis!AF46B04A9F29, Artemis!361143759E70, Artemis!B100CAE8E6D4, Artemis!8D2654E8D396, Artemis!2032937BC62C
22.45%

AVG
Generic, MalSign.Generic
22.45%

McAfee Web Gateway
Artemis!2637537B957A, Artemis!0DBC7B4EC641, Artemis!AF46B04A9F29, Artemis!B100CAE8E6D4, Artemis!F6B11B9B7C1C, Artemis!52B30300D3DF
18.37%

AhnLab V3 Security
PUP/Win32.BubbleDock
18.37%

Bkav FE
W32.Clod19d.Trojan, W32.Clod55c.Trojan, W32.Clod16e.Trojan, W32.HfsAdware
16.33%

K7 AntiVirus
Unwanted-Program , Trojan , Riskware
16.33%

K7 Gateway Antivirus
Unwanted-Program , Trojan , Riskware
16.33%

The domain cdn.bubbledock.com has been seen to resolve to the following 164 IP addresses.

server-52-84-125-48.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-252.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-175.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-160.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-142.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-131.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-130.iad16.r.cloudfront.net
August 24, 2016

server-52-84-125-60.iad16.r.cloudfront.net
August 24, 2016

server-54-192-19-168.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-146.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-109.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-61.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-40.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-229.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-199.iad12.r.cloudfront.net
August 22, 2016

server-54-192-19-184.iad12.r.cloudfront.net
August 22, 2016

server-52-84-125-81.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-39.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-237.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-202.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-194.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-172.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-117.iad16.r.cloudfront.net
July 4, 2016

server-52-84-125-110.iad16.r.cloudfront.net
July 4, 2016

server-52-85-131-201.iad53.r.cloudfront.net
July 3, 2016

server-52-85-131-189.iad53.r.cloudfront.net
July 3, 2016

server-52-85-131-175.iad53.r.cloudfront.net
July 3, 2016

server-52-85-131-167.iad53.r.cloudfront.net
July 3, 2016

server-52-85-131-124.iad53.r.cloudfront.net
July 3, 2016

server-52-85-131-121.iad53.r.cloudfront.net
July 3, 2016

 
Showing 30 of 164 IP Addresses

File downloads found at URLs served by cdn.bubbledock.com.

1 / 68      (PUP)

1 / 68      (PUP)

2 / 68      (PUP)

16 / 68    (PUP)

18 / 68    (Adware)

8 / 68      (PUP)

8 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (Adware)

1 / 68      (Adware)

5 / 68      (Adware)

6 / 68      (PUP)

1 / 68      (PUP)

3 / 68      (PUP)

8 / 68      (PUP)

2 / 68      (PUP)

11 / 68    (PUP)

4 / 68      (PUP)

10 / 68    (PUP)

19 / 68    (PUP)

8 / 68      (PUP)

11 / 68    (PUP)

4 / 68      (PUP)

6 / 68      (PUP)

1 / 68      (PUP)

5 / 68      (PUP)

1 / 68      (PUP)

8 / 68      (PUP)

5 / 68      (PUP)

 
Latest 30 of 55 download URLs

The following 256 files have been seen to comunicate with cdn.bubbledock.com in live environments.

 
Latest 20 of 541 files

URL:
http://cdn.bubbledock.com/

Network:
Amazon Cloudfront

Web server:
AmazonS3