home

a.appbluebar.work

Domain Information

Server location:
Oregon, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
appbluebar.work

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Mplug.47
33.33%

ESET NOD32
Win32/Adware.MultiPlug.MI application
33.33%

Lavasoft Ad-Aware
Gen:Variant.Adware.Mplug.47
33.33%

Dr.Web
Trojan.PWS.Qqpass.11207
33.33%

F-Secure
Gen:Variant.Adware.Mplug
33.33%

Norman
Gen:Variant.Adware.Mplug.47
33.33%

MicroWorld eScan
Gen:Variant.Adware.Mplug.47
33.33%

McAfee
Multiplug-FAD
33.33%

Malwarebytes
PUP.Optional.MultiPlug
33.33%

Zillya! Antivirus
Adware.MultiPlugGen.Win32.3
33.33%

K7 AntiVirus
Adware
33.33%

Arcabit
Trojan.Adware.Mplug.47
33.33%

NANO AntiVirus
Trojan.Win32.Qqpass.dstahs
33.33%

avast!
Win32:Rootkit-gen [Rtk]
33.33%

The domain a.appbluebar.work has been seen to resolve to the following 6 IP addresses.

52.27.128.62
ec2-52-27-128-62.us-west-2.compute.amazonaws.com
April 4, 2016

52.27.128.59
ec2-52-27-128-59.us-west-2.compute.amazonaws.com
April 4, 2016

52.27.128.56
ec2-52-27-128-56.us-west-2.compute.amazonaws.com
April 4, 2016

52.10.67.234
ec2-52-10-67-234.us-west-2.compute.amazonaws.com
July 1, 2015

52.26.142.209
ec2-52-26-142-209.us-west-2.compute.amazonaws.com
July 1, 2015

52.11.167.137
ec2-52-11-167-137.us-west-2.compute.amazonaws.com
July 1, 2015

File downloads found at URLs served by a.appbluebar.work.

1 / 68      (Malware)
http://a.appbluebar.work/hp/?q=Kik79wDP6dbXxTVNPRx tyYplN/z5s9fq2Yroaa0FrLlOjw4S084LaqFkZXHTBN/mqriVemUgW3tEDxWeLi26Le17vHqpP7HbyRfy77Xzb757sgiP1oGUC1nQxPAnHPjMkUz1ADXwJw2 9wabkZl/GDp40Ps2LqQjpq0jezNffdj6W/kw37S0NpvnEBuchKsjiHZYxFA7AmzXFvJWo69HsgkL12chQYWQ2jB0Jyc mP3CFx1eOmNZQirceh02xCQiBT78GyTf3CWu9nVtUOUppOf7scna/BuYPCzwN/htmxQGPll57WNfuS7F7GyW9bXxivnJIeYDnVxfnwQW7AK qQBRvQJVkxzpLEsMaU7NQQfVZIwFzz7nz53/.../AvKr9kPxXkI2s7HBCSfDZzeAlYJ8kXO8yw  (7 libros para -jvenes- cristianos.exe)

1 / 68      (Malware)
http://a.appbluebar.work/hp/?q=9VhCWolf/vjbiNPRJLt2KvdLZ3zW4teaOEsbV9Eh9PpwkfwJVsYW0RUdSFL ALuczGZuA7TV4FpbvPGvWR oMXGqPi9MymrE7g7pPFV/eXgW5kqTth UeWzArP17I8qYKhAlAAJl8eyTAOlXH1g0L8h7qpIFkkKZfHeZJ9fBzi6my2zG/9jwqwGywrO4zfH9q/Mh14oxpyHnOp0ubChfill1H1Rz5qirtDU76MvNPzfr1Gq7R5I5iQ2XTkZmYOR3lAOzTgQdYQ I/FsLDjMfpWU1/rJL3CaEYd0pnIJ7ugjE5IHyVY51QoOVyVBc66kU4IBUoC1fVMmAicPXH/3hmKPf3YgC9mYS3cq4KmaaZClgQwBoxMZzxwiQ2rX0afahR4pfQsHavDiD7/bKRkZtI giBPzkHlBqduXrnKJjpOU7JYPBjg8uO/KLxQnuzERb2TnN u9/FbqvVb04/cbSumFGbNVzmhRsnEqoeS6RNnJ0/StHu050EwlTxfTxAyuTWuDTCLjMA3j3XTCTXq9ryOIvKMEzORKnI8mGwJ sJhA25kHGi3XEA4s5KZ3h1dCo7mBgy97MVkzCQ6S9P9jdrRLz4mFn32ujpaQthx36IatUY4lCZkol4 He7FhFivemt2PqiK8zm2ddivEIcEXaoke 8Mi31zSbcx0EzYxVyCv68Bqcmy jI1JUghcWE9c T 9czcFH0bKRSul5i795Tpf G/.../ucgtI j0ns8qpkjOuu06ItpAly  (download.exe)

23 / 68    (PUP)
http://a.appbluebar.work/hp/?q=s0qd 8Q snSGpZTVNP FfT/xAxoVJjxXBJo8YVuctZMYZXGWWVGZLA8yPOkGXwTvD4LnSAfu0JGykX95MWE0vlf2OSkhpM3FM0/lrdkG uJ9HmkiDWcSFFM0hbSaRUo8W6rPmcz9sKVrZB8axIB7uug eDHRmeAMAGc8IlsxjxOoC4xOtji1ESvjThrwhooiHMLMQ9rUbo2jcMgKGoof8QgmUgWpZBM7W1iDQNWcTNlIBknlm NcW1s15zMKJ5QRpZXAeIXp6TZzDTEj3GK9NM10omQhOvK4dc0GmMCkanYkRR1CUA0FzrWj3YygmYoB1YtG2ZYGBMPnNlx9walVN0Yj568jQYmKyHCbqIc7hM/GncgxL/.../SD6kVxziyktRUx9CcW5ob6y  (swtor cartel coins generator.exe)

The following 2 files have been seen to comunicate with a.appbluebar.work in live environments.

TCP » 52.11.167.137:80
download.exe

TCP » 52.27.128.56:80
updating.exe

TCP » 52.27.128.59:80
download.exe

TCP » 52.27.128.62:80
updating.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.