home

get.nastyfound.bid

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
nastyfound.bid

The domain get.nastyfound.bid has been seen to resolve to the following 20 IP addresses.

54.230.193.30
server-54-230-193-30.iad53.r.cloudfront.net
September 1, 2016

54.230.193.212
server-54-230-193-212.iad53.r.cloudfront.net
September 1, 2016

54.230.193.184
server-54-230-193-184.iad53.r.cloudfront.net
September 1, 2016

54.230.193.122
server-54-230-193-122.iad53.r.cloudfront.net
September 1, 2016

54.230.193.103
server-54-230-193-103.iad53.r.cloudfront.net
September 1, 2016

54.230.193.91
server-54-230-193-91.iad53.r.cloudfront.net
September 1, 2016

54.230.193.51
server-54-230-193-51.iad53.r.cloudfront.net
September 1, 2016

54.230.193.47
server-54-230-193-47.iad53.r.cloudfront.net
September 1, 2016

52.84.125.241
server-52-84-125-241.iad16.r.cloudfront.net
August 20, 2016

52.84.125.192
server-52-84-125-192.iad16.r.cloudfront.net
August 20, 2016

52.84.125.143
server-52-84-125-143.iad16.r.cloudfront.net
August 20, 2016

52.84.125.123
server-52-84-125-123.iad16.r.cloudfront.net
August 20, 2016

52.84.125.32
server-52-84-125-32.iad16.r.cloudfront.net
August 19, 2016

52.84.125.253
server-52-84-125-253.iad16.r.cloudfront.net
August 19, 2016

52.84.125.243
server-52-84-125-243.iad16.r.cloudfront.net
August 19, 2016

52.84.125.230
server-52-84-125-230.iad16.r.cloudfront.net
August 19, 2016

52.84.125.215
server-52-84-125-215.iad16.r.cloudfront.net
August 19, 2016

52.84.125.120
server-52-84-125-120.iad16.r.cloudfront.net
August 19, 2016

52.84.125.83
server-52-84-125-83.iad16.r.cloudfront.net
August 19, 2016

52.84.125.80
server-52-84-125-80.iad16.r.cloudfront.net
August 19, 2016

File downloads found at URLs served by get.nastyfound.bid.

0 / 68
http://get.nastyfound.bid/?PKOrsmnjb0YUfHbeZG_SLASH_Gn7zer2SZL6Qyj8dZS6SxB2dWVuM5RDs4ZQ_EQUALS__EQUALS_&flp=1  (the.forest.v0.31b.rar)

0 / 68
http://get.nastyfound.bid/?PKOrsmnjb0Zmt3mDwi40As5KeCkD_SLASH_855_PLUS_KcDVmzrg7s_EQUALS_&flp=1  (52d3e327-53ae-c528-0fca-c913e191daf0_1d1e4379dcec714)

3 / 68      (PUP)
http://get.nastyfound.bid/?MFto9GBcUTmVAn6GGBAvp8uqHo_SLASH_CcUS2  (meatloaf storytellers avi.exe)

The following 12 files have been seen to comunicate with get.nastyfound.bid in live environments.

TCP » 52.84.125.143:443
UCBrowser.exe (by UCWeb)

TCP » 52.84.125.80:80
beamrise.exe (Beamrise by The Beamrise Authors)

TCP » 52.84.125.120:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.143:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.120:443
APK2Mobile.exe (TODO: <Product name> by TODO: <Company name>)

TCP » 52.84.125.120:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.80:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.215:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.241:443
browser.exe (Browser)

TCP » 52.84.125.83:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.120:80
iminent browser.exe (Iminent Browser by The Iminent Browser Authors)

TCP » 52.84.125.253:80
Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.80:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.83:80
parishoners.exe (Parishoners)

TCP » 52.84.125.120:80
nflbills.crx

TCP » 52.84.125.120:443
online-guardian-v2.0.9.exe

TCP » 52.84.125.192:443
online-guardian-v2.0.9.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.