home

www.ranchbundleshead.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
ranchbundleshead.com

Scanner detections:
Malware distribution  (74% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/InstallCore.AFN.gen potentially unwanted application, Win32/InstallCore.ACY.gen potentially unwanted application, Win32/InstallCore.AFY potentially unwanted application, Win32/Sality.NBA virus
77.78%

avast!
Win32:Malware-gen, Win32:Sality, Win32:SaliCode, Win32:VB-OJQ [Wrm], Win32:Kukacka, Win32:Agent-AODJ [Trj]
72.22%

F-Prot
W32/Sality.gen2, W32/VB.AD.gen, W32/Heuristic-CO3!Eldorado (not disinfectable)
66.67%

Dr.Web
Trojan.InstallCore.1681, Trojan.InstallCore.978, Win32.Sector.30, Trojan.Siggen6.54687
61.11%

McAfee
Artemis!0FD3D2207301, Artemis!0756591F5975, Artemis!57C8EDE2C92A, Trojan.Artemis!0FD3D2207301, Trojan.RDN/Generic Downloader.x
61.11%

Microsoft Security Essentials
Threat.Undefined
61.11%

Kaspersky
Virus.Win32.Sality, Trojan.Win32.Swisyn
55.56%

Norman
Win32.Sality.3
50.00%

AVG
Win32/Sality
44.44%

Emsisoft Anti-Malware
Trojan.Generic.6753864, Win32.Sality
38.89%

Reason Heuristics
PUP.installCore (M), Adware.Bundler (M)
33.33%

VIPRE Antivirus
Threat.4150696, Trojan.Win32.Generic, Threat.4721115, Threat.4763461, Threat.4775899
33.33%

F-Secure
Win32.Sality.3, Trojan.Generic.6753864
27.78%

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F], PE:Malware.Generic(Thunder)!1.A1C4 [F]
22.22%

AhnLab V3 Security
PUP/Win32.Downloader
16.67%

The domain www.ranchbundleshead.com has been seen to resolve to the following 91 IP addresses.

54.230.193.56
server-54-230-193-56.iad53.r.cloudfront.net
September 3, 2016

54.230.193.41
server-54-230-193-41.iad53.r.cloudfront.net
September 3, 2016

54.230.193.21
server-54-230-193-21.iad53.r.cloudfront.net
September 3, 2016

54.230.193.4
server-54-230-193-4.iad53.r.cloudfront.net
September 3, 2016

54.230.193.241
server-54-230-193-241.iad53.r.cloudfront.net
September 3, 2016

54.230.193.124
server-54-230-193-124.iad53.r.cloudfront.net
September 3, 2016

54.230.193.121
server-54-230-193-121.iad53.r.cloudfront.net
September 3, 2016

54.230.193.93
server-54-230-193-93.iad53.r.cloudfront.net
September 3, 2016

52.85.131.43
server-52-85-131-43.iad53.r.cloudfront.net
August 3, 2016

52.85.131.230
server-52-85-131-230.iad53.r.cloudfront.net
August 3, 2016

52.85.131.209
server-52-85-131-209.iad53.r.cloudfront.net
August 3, 2016

52.85.131.183
server-52-85-131-183.iad53.r.cloudfront.net
August 3, 2016

52.85.131.131
server-52-85-131-131.iad53.r.cloudfront.net
August 3, 2016

52.85.131.113
server-52-85-131-113.iad53.r.cloudfront.net
August 3, 2016

52.85.131.78
server-52-85-131-78.iad53.r.cloudfront.net
August 3, 2016

52.84.125.191
server-52-84-125-191.iad16.r.cloudfront.net
July 29, 2016

52.84.125.186
server-52-84-125-186.iad16.r.cloudfront.net
July 29, 2016

52.84.125.161
server-52-84-125-161.iad16.r.cloudfront.net
July 29, 2016

52.84.125.112
server-52-84-125-112.iad16.r.cloudfront.net
July 29, 2016

52.84.125.46
server-52-84-125-46.iad16.r.cloudfront.net
July 29, 2016

52.84.125.25
server-52-84-125-25.iad16.r.cloudfront.net
July 29, 2016

52.84.125.195
server-52-84-125-195.iad16.r.cloudfront.net
July 29, 2016

52.84.125.193
server-52-84-125-193.iad16.r.cloudfront.net
July 29, 2016

52.85.131.232
server-52-85-131-232.iad53.r.cloudfront.net
July 14, 2016

52.85.131.141
server-52-85-131-141.iad53.r.cloudfront.net
July 14, 2016

52.85.131.127
server-52-85-131-127.iad53.r.cloudfront.net
July 14, 2016

52.85.131.104
server-52-85-131-104.iad53.r.cloudfront.net
July 14, 2016

52.85.131.56
server-52-85-131-56.iad53.r.cloudfront.net
July 14, 2016

52.85.131.22
server-52-85-131-22.iad53.r.cloudfront.net
July 14, 2016

52.85.131.245
server-52-85-131-245.iad53.r.cloudfront.net
July 14, 2016

 
Showing 30 of 91 IP Addresses

File downloads found at URLs served by www.ranchbundleshead.com.

0 / 68
http://www.ranchbundleshead.com/.../installer.exe  (22e65383954565bb3a85df93ad8c657b)

9 / 68      (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (0d35248bb8d45b4c8e07c3fe076893f9)

9 / 68      (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (c2ebad314cce4f73976892844f4a8e23)

5 / 68      (Malware)
http://www.ranchbundleshead.com/.../installer.exe  (3dbfccd0f46b6aa544b0f0ce940b936b)

0 / 68
http://www.ranchbundleshead.com/.../installer.exe  (flashplayer20ax_db_install.exe)

10 / 68    (Malware)
http://www.ranchbundleshead.com/.../installer.exe  (5e2e87bbd5064b594ae32c384a712b19)

12 / 68    (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (3ec49e6a3c9c7269e007a17f9a90b95a)

0 / 68
http://www.ranchbundleshead.com/.../installer.exe  (4c04ee1117e4e28e9e0987b6ce408341)

1 / 68      (PUP)
http://www.ranchbundleshead.com/.../installer.exe  (367b125e1c93807b9a226bde1fd9b91d)

10 / 68    (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (171e42e783d3dea00d8b441620ae448e)

8 / 68      (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (396b902cdc824e57297031998e8455a7)

1 / 68
http://www.ranchbundleshead.com/.../installer.exe  (0fd3d2207301676339aaa81e7fd86f3c)

10 / 68    (Malware)
http://www.ranchbundleshead.com/.../installer.exe  (3635acd47ab1ddf3098b15ef17a370f7)

11 / 68    (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (1c9ddffc6cffba25b3361b2e4bbbb772)

6 / 68      (PUP)
http://www.ranchbundleshead.com/.../installer.exe  (57c8ede2c92aefd75a3ee7e6d3aa4370)

10 / 68    (Malware)
http://www.ranchbundleshead.com/.../installer.exe  (898b7b47ca75af9763b5333b266aa9e4)

17 / 68    (PUP)
http://www.ranchbundleshead.com/.../installer.exe  (0756591f597552415e42b0781d2e4811)

11 / 68    (Infected)
http://www.ranchbundleshead.com/.../installer.exe  (d41377cb07fd9da9be238e68c2e12e98)

3 / 68      (PUP)
http://www.ranchbundleshead.com/.../installer.exe  (98c517d9c2b537466dfd6045ace31681)

1 / 68      (Malware)
http://www.ranchbundleshead.com/.../installer.exe  (fbd92a08b7ee9b292b0e17134cb4377e)

0 / 68
http://www.ranchbundleshead.com/.../installer.exe  (6f413f7c39f63e309a1cb5697b6fbf41)

10 / 68    (PUP)
http://www.ranchbundleshead.com/.../installer.exe  (0fd3d2207301676339aaa81e7fd86f3c)

0 / 68
http://www.ranchbundleshead.com/.../installer.exe  (97b458709201d43421f6e778ae337fdc)

The following 76 files have been seen to comunicate with www.ranchbundleshead.com in live environments.

TCP » 52.84.125.146:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.85.142.51:443
UCBrowser.exe (by UCWeb)

TCP » 52.85.142.214:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.186:80
se.exe

TCP » 52.85.142.216:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.179:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.18:80
jingling.exe

TCP » 52.85.142.79:80
browser.exe (Browser)

TCP » 52.85.142.135:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.214:443
jingling.exe

TCP » 52.85.142.216:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.131.30:443
browser.exe (Browser)

TCP » 52.85.142.232:80
mobogenieP2sp.exe (mobogenie by mobogenie.com)

TCP » 52.84.125.25:80
crossbrowse.exe (Crossbrowse)

TCP » 52.85.142.216:80
Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.85.142.18:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.214:80
browser.exe (Browser)

TCP » 52.84.125.112:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.188:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.40:443
UCBrowser.exe (UC Browser by UCWeb)

 
Latest 20 of 221 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.