home

get.ambulanceb.bid

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
ambulanceb.bid

Scanner detections:
Detections  (57% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Downloader
100.00%

The domain get.ambulanceb.bid has been seen to resolve to the following 32 IP addresses.

52.85.131.143
server-52-85-131-143.iad53.r.cloudfront.net
August 15, 2016

52.85.131.78
server-52-85-131-78.iad53.r.cloudfront.net
August 15, 2016

52.85.131.68
server-52-85-131-68.iad53.r.cloudfront.net
August 15, 2016

52.85.131.42
server-52-85-131-42.iad53.r.cloudfront.net
August 15, 2016

52.85.131.32
server-52-85-131-32.iad53.r.cloudfront.net
August 15, 2016

52.85.131.21
server-52-85-131-21.iad53.r.cloudfront.net
August 15, 2016

52.85.131.16
server-52-85-131-16.iad53.r.cloudfront.net
August 15, 2016

52.85.131.160
server-52-85-131-160.iad53.r.cloudfront.net
August 15, 2016

54.192.19.178
server-54-192-19-178.iad12.r.cloudfront.net
August 15, 2016

54.192.19.160
server-54-192-19-160.iad12.r.cloudfront.net
August 15, 2016

54.192.19.96
server-54-192-19-96.iad12.r.cloudfront.net
August 15, 2016

54.192.19.58
server-54-192-19-58.iad12.r.cloudfront.net
August 15, 2016

54.192.19.57
server-54-192-19-57.iad12.r.cloudfront.net
August 15, 2016

54.192.19.47
server-54-192-19-47.iad12.r.cloudfront.net
August 15, 2016

54.192.19.31
server-54-192-19-31.iad12.r.cloudfront.net
August 15, 2016

54.192.19.225
server-54-192-19-225.iad12.r.cloudfront.net
August 15, 2016

52.84.125.96
server-52-84-125-96.iad16.r.cloudfront.net
August 14, 2016

52.84.125.82
server-52-84-125-82.iad16.r.cloudfront.net
August 14, 2016

52.84.125.13
server-52-84-125-13.iad16.r.cloudfront.net
August 14, 2016

52.84.125.207
server-52-84-125-207.iad16.r.cloudfront.net
August 14, 2016

52.84.125.190
server-52-84-125-190.iad16.r.cloudfront.net
August 14, 2016

52.84.125.173
server-52-84-125-173.iad16.r.cloudfront.net
August 14, 2016

52.84.125.168
server-52-84-125-168.iad16.r.cloudfront.net
August 14, 2016

52.84.125.97
server-52-84-125-97.iad16.r.cloudfront.net
August 14, 2016

54.192.19.81
server-54-192-19-81.iad12.r.cloudfront.net
August 14, 2016

54.192.19.42
server-54-192-19-42.iad12.r.cloudfront.net
August 14, 2016

54.192.19.18
server-54-192-19-18.iad12.r.cloudfront.net
August 14, 2016

54.192.19.195
server-54-192-19-195.iad12.r.cloudfront.net
August 14, 2016

54.192.19.189
server-54-192-19-189.iad12.r.cloudfront.net
August 14, 2016

54.192.19.148
server-54-192-19-148.iad12.r.cloudfront.net
August 14, 2016

 
Showing 30 of 32 IP Addresses

File downloads found at URLs served by get.ambulanceb.bid.

0 / 68
http://get.ambulanceb.bid/?PKOrsmnjb0arARQSmyMeonQ_PLUS_2MlEnNIzaDXJK_SLASH_IJA85WVuM5RDs4ZQ_EQUALS__EQUALS_&flp=1  (age of empires 2- the age of kings.rar)

0 / 68
http://get.ambulanceb.bid/?PKOrsmnjb0bzkZEKOBxnBBN_PLUS_rpyjmEmOmN_PLUS_ce9MdvydWVuM5RDs4ZQ_EQUALS__EQUALS_&flp=1  (win7 activation another windows 7 permanent activator.rar)

1 / 68      (PUP)
http://get.ambulanceb.bid/?8W6ZkPiXwc_PLUS_rklHUrgbPrUl3ncydiHY_PLUS_  (44c01868-aa47-7034-bed2-1264412e2080_1d1e07681d94763)

1 / 68      (PUP)
http://get.ambulanceb.bid/?dPZQVXi_PLUS_w2FAzKZvPaXtP3nYnqG9WspC  (ae0c4b48-382c-1919-90e3-d14e68c9a373_1d1e07756755fdb)

0 / 68
http://get.ambulanceb.bid/?PKOrsmnjb0Z2c_SLASH_Ca87BNiJ6VGshRMKYTG1dRwzfbcD5WVuM5RDs4ZQ_EQUALS__EQUALS_&flp=1  (c166d83b-d2bd-9869-8ba8-eb512af189ff_1d1dfe2552e3c43)

1 / 68      (PUP)
http://get.ambulanceb.bid/?bZilQ4_SLASH_W4DAMCkLv_PLUS_tcM_SLASH_yEv_SLASH_NdVb7_PLUS_5  (c7d6036e-1310-9e68-efc9-1008c61b5dfb_1d1e07250b50873)

1 / 68      (PUP)
http://get.ambulanceb.bid/?xZsqX23HMHq0QB_SLASH_8KPJ3VLMxk_SLASH_tuWcFZ  (fa1a8fda-8f77-4f16-7442-567fafda4181_1d1e0726d1af0d1)

The following 215 files have been seen to comunicate with get.ambulanceb.bid in live environments.

TCP » 52.84.125.173:443
Client.exe

TCP » 54.192.19.148:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 54.192.19.160:80
uvconverter.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 54.192.19.148:80
notification.exe

TCP » 54.192.19.132:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 54.192.19.57:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 54.192.19.58:80
smu.exe (W by Search Module)

TCP » 54.192.19.58:80
smu.exe (W by Search Module)

TCP » 54.192.19.31:80
saber.exe

TCP » 54.192.19.31:80
safwaf.exe

TCP » 54.192.19.195:443
jingling.exe

TCP » 54.192.19.148:80
saber.exe

TCP » 54.192.19.178:80
uvconverter.exe

TCP » 54.192.19.58:80
browser.exe (Browser)

TCP » 54.192.19.18:80
uvconverter.exe

TCP » 54.192.19.57:443
online-guardian-v2.0.9.exe

TCP » 54.192.19.57:80
ed2k.exe (aMule by http://www.amule.org/)

TCP » 52.84.125.207:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 54.192.19.58:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.97:80
1stbrowser.exe (1stBrowser by The 1stBrowser Authors)

 
Latest 20 of 369 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.