» cdn.bubbledock.net
Overview
Analysis
IPs Addresses (39)
Downloads (6)
Network (27)
Website Detail

cdn.bubbledock.net

Nosibay

Domain Information

The domain cdn.bubbledock.net registered by Nosibay was initially registered in January of 2010 through OVH. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dulles, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).

Registrant:

Nosibay

Registrar:

OVH

Server location:

Virginia, United States (US)

Create date:

Friday, January 22, 2010

Expires date:

Sunday, January 22, 2017

Updated date:

Monday, January 18, 2016

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

bubbledock.net

Whois:

2 bubbledock.net records

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

McAfee

Artemis!DCE50AB19831, Artemis!1625D12A0FA3, Artemis!B80241F8D24A, Artemis!89F8212D6EAB, Artemis!AFE87ED50398, Trojan.Artemis!484039B92DF4

100.00%

Trend Micro House Call

Suspici.E50E09E0, Suspicious_GEN.F47V1222, Suspicious_GEN.F47V0320, Suspicious_GEN.F47V0403, Suspicious_GEN.F47V0217, Suspicious_GEN.F47V0514

100.00%

Dr.Web

Adware.Downware.9155, Adware.Downware.10519, Adware.Downware.10519, Adware.Downware.9155

100.00%

VIPRE Antivirus

BubbleDock, Threat.4791953

100.00%

Reason Heuristics

PUP.Installer.NOSIBAY.Y, PUP.Installer.NOSIBAY.S

83.33%

AVG

Generic

83.33%

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

66.67%

Malwarebytes

PUP.Optional.BubbleDock.A, PUP.Optional.Nosibay.A

50.00%

ESET NOD32

Win32/BubbleDock, Win32/BubbleDock.A potentially unwanted

50.00%

Baidu Antivirus

PUA.Win32.BubbleDock

50.00%

Bkav FE

W32.HfsAdware

50.00%

AhnLab V3 Security

PUP/Win32.BubbleDock

33.33%

IKARUS anti.virus

PUA.BubbleDock

33.33%

herdProtect (fuzzy)

a variant of e5f582616edd6afaebba63cf45489ac60cdf855b, a variant of 25bb8f30a453504e14586428beba718818f27324

33.33%

K7 AntiVirus

Trojan , Riskware

33.33%

The domain cdn.bubbledock.net has been seen to resolve to the following 39 IP addresses.

52.85.131.106

server-52-85-131-106.iad53.r.cloudfront.net

July 17, 2016

52.85.131.83

server-52-85-131-83.iad53.r.cloudfront.net

July 17, 2016

52.85.131.230

server-52-85-131-230.iad53.r.cloudfront.net

July 17, 2016

52.85.131.207

server-52-85-131-207.iad53.r.cloudfront.net

July 17, 2016

52.85.131.195

server-52-85-131-195.iad53.r.cloudfront.net

July 17, 2016

52.85.131.160

server-52-85-131-160.iad53.r.cloudfront.net

July 17, 2016

52.85.131.156

server-52-85-131-156.iad53.r.cloudfront.net

July 17, 2016

52.85.131.136

server-52-85-131-136.iad53.r.cloudfront.net

July 17, 2016

52.85.142.172

server-52-85-142-172.iad12.r.cloudfront.net

May 18, 2016

52.85.142.169

server-52-85-142-169.iad12.r.cloudfront.net

May 18, 2016

52.85.142.124

server-52-85-142-124.iad12.r.cloudfront.net

May 18, 2016

52.85.142.98

server-52-85-142-98.iad12.r.cloudfront.net

May 18, 2016

52.85.142.35

server-52-85-142-35.iad12.r.cloudfront.net

May 18, 2016

52.85.142.31

server-52-85-142-31.iad12.r.cloudfront.net

May 18, 2016

52.85.142.14

server-52-85-142-14.iad12.r.cloudfront.net

May 18, 2016

52.85.142.186

server-52-85-142-186.iad12.r.cloudfront.net

May 18, 2016

54.240.160.230

server-54-240-160-230.iad12.r.cloudfront.net

February 22, 2016

54.240.160.214

server-54-240-160-214.iad12.r.cloudfront.net

February 22, 2016

54.240.160.190

server-54-240-160-190.iad12.r.cloudfront.net

February 22, 2016

54.240.160.185

server-54-240-160-185.iad12.r.cloudfront.net

February 22, 2016

54.240.160.178

server-54-240-160-178.iad12.r.cloudfront.net

February 22, 2016

54.240.160.161

server-54-240-160-161.iad12.r.cloudfront.net

February 22, 2016

54.240.160.51

server-54-240-160-51.iad12.r.cloudfront.net

February 22, 2016

54.240.160.252

server-54-240-160-252.iad12.r.cloudfront.net

February 22, 2016

54.192.195.10

server-54-192-195-10.iad53.r.cloudfront.net

February 8, 2016

54.192.195.209

server-54-192-195-209.iad53.r.cloudfront.net

February 8, 2016

54.192.195.197

server-54-192-195-197.iad53.r.cloudfront.net

February 8, 2016

54.192.195.120

server-54-192-195-120.iad53.r.cloudfront.net

February 8, 2016

54.192.195.91

server-54-192-195-91.iad53.r.cloudfront.net

February 8, 2016

54.192.195.67

server-54-192-195-67.iad53.r.cloudfront.net

February 8, 2016

Showing 30 of 39 IP Addresses

File downloads found at URLs served by cdn.bubbledock.net.

12 / 68 (PUP)

http://cdn.bubbledock.net/bootstrap/ca/BOO001/.../Install_BubbleDock.exe (setup_204628.exe)

11 / 68 (PUP)

http://cdn.bubbledock.net/setup/ca/.../62042.Bubble_Dock.BBD023.no.exe (dce50ab19831fd682f1bca06196cb417)

9 / 68 (PUP)

http://cdn.bubbledock.net/dld/update/2015_03_20/.../AddonsUI.exe (b80241f8d24acd250dd3d3d2d86e6dd1)

10 / 68 (PUP)

http://cdn.bubbledock.net/bootstrap/ca/BOO001/.../Install_BubbleDock.exe (1625d12a0fa3723676cdc14fc9f2fc74)

6 / 68 (PUP)

http://cdn.bubbledock.net/setup/ca/.../62773.Bubble_Suite.BBS001.no.exe (89f8212d6eab043f1af712a17c3970bc)

16 / 68 (PUP)

http://cdn.bubbledock.net/setup/ca/.../63100.Bubble_Dock.BBD023.no.exe (6cfc89e105878e4d0a6e1532dcbb0b46)

The following 27 files have been seen to comunicate with cdn.bubbledock.net in live environments.

TCP » 52.85.142.35:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.197:443

online-guardian-v2.0.9.exe

TCP » 52.85.142.172:80

jingling.exe

TCP » 54.192.195.120:443

onlineguardian-v2.exe

TCP » 52.85.142.14:443

browser.exe (Browser)

TCP » 52.85.142.14:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.172:80

UCBrowser.exe (by UCWeb)

TCP » 52.85.142.31:80

browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.142.98:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.195.197:443

online-guardian-v2.0.9.exe

TCP » 52.85.142.186:443

browser.exe (Speed Browser by Long Mile Solutions)

TCP » 52.85.131.106:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.85.142.35:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.35:443

apptrailers.exe

TCP » 52.85.131.230:443

browser.exe (Browser)

TCP » 52.85.142.14:443

online-guardian-v2.0.9.exe

TCP » 52.85.142.172:443

lader.exe (Lader)

TCP » 52.85.142.186:80

client.exe (ClientWrapper)

TCP » 52.85.142.186:443

stormwatchbrowser.exe

TCP » 52.85.142.186:80

browser.exe (Browser)

Latest 20 of 55 files

URL:

http://cdn.bubbledock.net/

Network:

Amazon Cloudfront

Web server:

AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.