home

get.blue1209.info

OutBrowse

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Registrar:
GoDaddy.com, LLC (R171-LRMS)

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
blue1209.info

Whois:
1 blue1209.info record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Dr.Web
Trojan.OutBrowse.55, infected with Trojan.OutBrowse.83
100.00%

VIPRE Antivirus
Threat.4657539, Threat.4150696, Trojan.Win32.Generic.pak!cobra
100.00%

McAfee
Adware-OutBrowse.d, Adware-OutBrowse.e, Program.Adware-OutBrowse.e
100.00%

Malwarebytes
PUP.Optional.OutBrowse
100.00%

Trend Micro House Call
Suspici.202D3B0F, Suspici.8D175B40
100.00%

Avira AntiVirus
APPL/Downloader.Gen, APPL/Outbrowse.Gen
100.00%

AVG
Generic, Potentially harmful program Downloader.DII
100.00%

Reason Heuristics
PUP.SalyutemPlyus.R, PUP.Installer.SalyutemPlyus.R, PUP.Installer.FastDownloadgot, PUP.Bundler.Outbrowse
100.00%

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
80.00%

ESET NOD32
Win32/OutBrowse.BQ potentially unwanted application, Win32/OutBrowse.BS potentially unwanted application
80.00%

K7 AntiVirus
Unwanted-Program , Trojan
80.00%

AhnLab V3 Security
PUP/Win32.OutBrowse
60.00%

Sophos
Generic PUA HA, OutBrowse Revenyou
60.00%

G Data
Win32.Application.Agent.PJ22JG, MemScan:Application.Bundler.Outbrowse.AN
60.00%

Fortinet FortiGate
Riskware/OutBrowse
60.00%

The domain get.blue1209.info has been seen to resolve to the following 2 IP addresses.

50.19.105.103
ec2-50-19-105-103.compute-1.amazonaws.com
May 4, 2015

23.23.254.6
ec2-23-23-254-6.compute-1.amazonaws.com
May 4, 2015

File downloads found at URLs served by get.blue1209.info.

14 / 68    (Adware)
http://get.blue1209.info/1422733235/get62?p=18940&d=25092&l=24278&n=1&productname=Download Manager&d1=0&S=14227331839983,US,affl292,335,obn,68,Chrome,04d84452a348c28681fa3380bcc02fa1,subid=102620_53c2dd1cc6789d5eed8cd174aebcc691&exeurl=http://.../jre-7u60-windows-i586.exe&dynamicname=Java Runtime Environment&filename=java_runtime_enviroment_setup.exe  (java_runtime_enviroment_setup.exe.exe)

11 / 68    (Adware)
http://get.blue1209.info/.../get31?p=13481&d=19421&l=18584&n=1&productname=SpyHunter 4.6.1.3664&exeurl=SpyHunter - Download&dynamicname=SpyHunter 4.6.1.3664&filename=SpyHunter 4.6.1.3664&dt=1420280705&d1=11257  (spyhunter 4.6.1.3664.exe)

29 / 68    (Adware)
http://get.blue1209.info/1420308061/get31?p=414&d=24027&l=9338&n=1&productname=free-downloadss.com&d1=1&d2=1&d3=1&d4=1&d5=95&exeurl=https://s3.amazonaws.com/Minecraft.Download/.../Minecraft.exe&dynamicname=Minecraft&filename=Minecraft  (1ef7eb9bf3a40244c1d526a97499e2a1)

14 / 68    (Adware)
http://get.blue1209.info/1422733204/get62?p=18940&d=25092&l=24278&n=1&productname=Download Manager&d1=0&S=14227331839983,US,affl292,335,obn,68,Chrome,04d84452a348c28681fa3380bcc02fa1,subid=102620_53c2dd1cc6789d5eed8cd174aebcc691&exeurl=http://.../jre-7u60-windows-i586.exe&dynamicname=Java Runtime Environment&filename=java_runtime_enviroment_setup.exe  (java_runtime_enviroment_setup.exe.exe)

12 / 68    (Adware)
http://get.blue1209.info/1420316192/get31?p=18940&d=25092&l=24278&n=1&productname=Download Manager&d1=0&S=14203159927819,1188,qws_eusch10,554,obn,68,Chrome,5c10d1dc50a449f1e7da9c562ecd51c7,subid=010109667018015852126&cat=010109667&exeurl=http://.../install_flash_player_13_plugin.exe&dynamicname=Adobe Flash Player&filename=adobe_flash_setup.exe  (adobe_flash_setup.exe.exe)

URL:
http://get.blue1209.info/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Microsoft-IIS/8.0 (ASP.NET)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.