» get.entityami.bid
Overview
Analysis
IPs Addresses (8)
Downloads (1)
Network (14)

get.entityami.bid

Domain Information

Server location:

Washington, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

Adware.Bundler

100.00%

The domain get.entityami.bid has been seen to resolve to the following 8 IP addresses.

server-52-84-125-23.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-245.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-235.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-182.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-154.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-108.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-70.iad16.r.cloudfront.net

September 17, 2016

server-52-84-125-51.iad16.r.cloudfront.net

September 17, 2016

File downloads found at URLs served by get.entityami.bid.

1 / 68 (PUP)

http://get.entityami.bid/?hTHNF44ihxfraX2nXN6K_PLUS_C_SLASH_4FUmPFsD7 (autocad.exe.exe)

The following 14 files have been seen to comunicate with get.entityami.bid in live environments.

TCP » 52.84.125.23:80

TCP » 52.84.125.154:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.154:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.108:443

ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

TCP » 52.84.125.108:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.154:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.154:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.182:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.23:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.108:443

scrubbing.exe (Scrubbing)

TCP » 52.84.125.182:443

ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

TCP » 52.84.125.23:80

browser.exe (Browser)

TCP » 52.84.125.23:443

stormwatchapp.exe

TCP » 52.84.125.23:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.235:443

onlineguardian-v2.exe

TCP » 52.84.125.70:443

ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.