home

dl.bluelabs.net

Blue Labs, LLC

Domain Information

The domain dl.bluelabs.net registered by Blue Labs, LLC was initially registered in June of 2005 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Francisco, California within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Northern California) region datacenter.
Registrar:
GODADDY.COM, LLC

Server location:
California, United States (US)

Create date:
Friday, June 24, 2005

Expires date:
Friday, June 24, 2016

Updated date:
Thursday, October 30, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
bluelabs.net

Whois:
1 bluelabs.net record

Scanner detections:
Detections  (93% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.BlueLabs, PUP.Optional.Installer, PUP.Optional.BlueLabs.Installer, Threat.Win.Reputation.IMP
93.02%

avast!
MSIL:GenMalicious-CY [Trj], Win32:VB-OJQ [Wrm], Win32:Agent-AODJ [Trj]
9.30%

Dr.Web
Trojan.SMSSend.5757, Adware.Downware.11071, Trojan.Siggen6.54687, Trojan.Inject1.28681
9.30%

herdProtect (fuzzy)
a variant of a9705400a33cf4b95b53495fcca0aee3b107aa26, a variant of 4be5d79f7f6bf5e007ec4b8a27ebefde9e8962e7, a variant of 1fdefa3580797c255c4e15748e0e1bd96b8b64cc
6.98%

F-Prot
W32/VB.AD.gen, W32/Renamer.A.gen, W32/Autorun.ZF
6.98%

ESET NOD32
Win32/VB.OSK trojan, Win32/Delf.NRJ worm, Win32/AutoRun.Delf.LV worm
6.98%

Microsoft Security Essentials
Threat.Undefined
4.65%

F-Secure
Trojan.Generic.6753864
2.33%

VIPRE Antivirus
Threat.4763461
2.33%

Norman
Trojan.Generic.6753864
2.33%

Sophos
Virus 'W32/Mofksys-B'
2.33%

McAfee
Virus.W32/Swisyn.ag
2.33%

The domain dl.bluelabs.net has been seen to resolve to the following 2 IP addresses.

54.183.41.226
ec2-54-183-41-226.us-west-1.compute.amazonaws.com
May 5, 2015

54.193.124.252
ec2-54-193-124-252.us-west-1.compute.amazonaws.com
May 5, 2015

File downloads found at URLs served by dl.bluelabs.net.

2 / 68      (Malware)
http://dl.bluelabs.net/download?product=openfreely&type=bundle|dsp|dhp&browser=chrome&bundleid=deskbarbl&trafficsource=shell&campaign=openfreely_shell  (openfreely.exe)

0 / 68
http://dl.bluelabs.net/download?product=freeeditor&type=bundle|dsp|dhp&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeeditor_shell  (freeeditor.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeeditor&type=dhp&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeeditor_shell  (freeeditor.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeopener&type=bundle|dsp|dhp&browser=chrome&bundleid=deskbarbl&trafficsource=shell&campaign=freeopener_shell  (freeopener.exe)

1 / 68      (Malware)
http://dl.bluelabs.net/download?product=freevideoplayer&type=bundle|dsp|dhp&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freevideoplayer_shell  (freevideoplayer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=openfreely&type=bundle&browser=chrome&bundleid=deskbarbl&trafficsource=shell&campaign=openfreely_shell  (openfreely.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeopener&type=dsp&browser=chrome&bundleid=deskbarbl&trafficsource=shell&campaign=freeopener_shell  (freeopener.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freeeditor_wd&type=both  (freeeditor.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=iphotoeditor&type=bundle&browser=chrome&bundleid=lavasoft&trafficsource=adwords&campaign=iPhotoEditor-Search  (pspx7.3-installer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freeviewer_wd&type=both  (freeviewer.exe)

2 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freeeditor  (freeeditor_setup.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freevideoplayer  (freevideoplayer_setup.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freeeditor_wd&type=none  (freeeditor.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=ivideoplayer&type=bundle&browser=chrome&bundleid=lavasoft&trafficsource=adwords&campaign=iVideoPlayer-Content  (ivideoplayer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeopener&type=bundle&browser=chrome&bundleid=deskbarbl&trafficsource=shell&campaign=freeopener_shell  (freeopener.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freevideoplayer&type=bundle|dhp&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freevideoplayer_shell  (freevideoplayer.exe)

2 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeopener&type=bundle&browser=undefined&bundleid=deskbar&trafficsource=adwords  (freeopener.exe)

10 / 68    (Malware)
http://dl.bluelabs.net/download?product=freeviewer&type=bundle|dsp|dhp&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeviewer_shell  (freeviewer.exe)

2 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freevideoplayer_wd&type=none  (freevideoplayer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=ifreefonts&type=&browser=chrome&bundleid=lavasoft&trafficsource=adwords&campaign=iFreeFonts-Search  (ifreefonts.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeopener&type=&browser=chrome&bundleid=deskbar&trafficsource=adwords  (freeopener.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeeditor&type=&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeeditor_shell  (freeeditor.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeviewer&type=bundle&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeviewer_shell  (freeviewer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeviewer&type=bundle|dsp&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeviewer_shell  (freeviewer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=openfreely_bundle  (openfreelysetup.exe)

2 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=openfreely_bundle&type=none  (openfreely_setup.exe)

2 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freeopener_bundle  (freeopener_setup.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download.php?product=freevideoplayer_wd&type=both  (freevideoplayer.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freeeditor&type=bundle&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freeeditor_shell  (freeeditor.exe)

1 / 68      (PUP)
http://dl.bluelabs.net/download?product=freevideoplayer&type=bundle&browser=chrome&bundleid=deskbarnx&trafficsource=shell&campaign=freevideoplayer_shell  (freevideoplayer.exe)

 
Latest 30 of 67 download URLs

The following 8 files have been seen to comunicate with dl.bluelabs.net in live environments.

TCP » 54.183.41.226:80
freeviewer.exe (Free Viewer by Blue Labs)

TCP » 54.193.124.252:80
freeviewer.exe (Free Viewer by Blue Labs)

TCP » 54.193.124.252:80
freevideoplayer.exe (Free Video Player by Blue Labs)

TCP » 54.183.41.226:80
freevideoplayer.exe (Free Video Player by Blue Labs)

TCP » 54.193.124.252:80
openfreely.exe (Open Freely by Blue Labs)

TCP » 54.183.41.226:80
freeviewer.exe (Free Viewer by Blue Labs)

TCP » 54.183.41.226:80
freedoctopdf.exe (FreeDOCtoPDF by Blue Labs)

TCP » 54.193.124.252:80
freeviewer.exe (Free Viewer by Blue Labs)

TCP » 54.183.41.226:80
openfreely.exe (Open Freely by Blue Labs)

TCP » 54.183.41.226:80
freeopener.exe (Free Opener by Blue Labs)

TCP » 54.183.41.226:80
freevideoplayer.exe (Free Video Player by Blue Labs)

TCP » 54.193.124.252:80
freeopener.exe (Free Opener by Blue Labs)

TCP » 54.183.41.226:80
openfreely.exe (Open Freely by Blue Labs)

TCP » 54.193.124.252:80
freedoctopdf.exe (FreeDOCtoPDF by Blue Labs)

URL:
http://dl.bluelabs.net/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache/2.2.29 (Amazon) (PHP/5.3.29)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.