home

get.actknuckles.bid

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:
actknuckles.bid

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Bundler
100.00%

The domain get.actknuckles.bid has been seen to resolve to the following 8 IP addresses.

52.84.125.105
server-52-84-125-105.iad16.r.cloudfront.net
August 31, 2016

52.84.125.232
server-52-84-125-232.iad16.r.cloudfront.net
August 31, 2016

52.84.125.231
server-52-84-125-231.iad16.r.cloudfront.net
August 31, 2016

52.84.125.220
server-52-84-125-220.iad16.r.cloudfront.net
August 31, 2016

52.84.125.210
server-52-84-125-210.iad16.r.cloudfront.net
August 31, 2016

52.84.125.208
server-52-84-125-208.iad16.r.cloudfront.net
August 31, 2016

52.84.125.176
server-52-84-125-176.iad16.r.cloudfront.net
August 31, 2016

52.84.125.106
server-52-84-125-106.iad16.r.cloudfront.net
August 31, 2016

File downloads found at URLs served by get.actknuckles.bid.

1 / 68      (PUP)
http://get.actknuckles.bid/?9CMnbr1jUX1_PLUS_kAw6zlHhCeMr2B4x0cmn  (ghost master.exe)

The following 20 files have been seen to comunicate with get.actknuckles.bid in live environments.

TCP » 52.84.125.176:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.231:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.210:443
browser.exe (Browser)

TCP » 52.84.125.105:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.210:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.105:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.231:443
clearscreenplayerbrowser.exe

TCP » 52.84.125.210:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.231:443
cpx.exe (Google Embedded Application)

TCP » 52.84.125.210:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 52.84.125.210:80
browser.exe (Browser)

TCP » 52.84.125.231:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.231:443
WeatherBug.exe (WeatherBug)

TCP » 52.84.125.231:443
apptrailers.exe

TCP » 52.84.125.232:443
Client.exe

TCP » 52.84.125.232:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.105:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.105:443
stormwatchapp.exe

TCP » 52.84.125.210:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.84.125.210:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 44 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.