a.arthistory.work
Domain Information
Server location: Arizona, United States (US)
ASN: AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US
Root domain: arthistory.work
Analysis
Scanner detections:
Malware distribution (100% detected)
| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | Threat.Win.Reputation.IMP | 75.00% |
| VIPRE Antivirus | Threat.5180739 | 25.00% |
| Dr.Web | Trojan.Crossrider1.40163 | 25.00% |
| avast! | Win32:FakeDownload-G [PUP] | 25.00% |
| Emsisoft Anti-Malware | Gen:Variant.Razy.5360 | 25.00% |
IP Addresses
The domain a.arthistory.work has been seen to resolve to the following 4 IP addresses.
| IP address | Reverse DNS | Date |
|---|---|---|
| 50.63.202.92 | ip-50-63-202-92.ip.secureserver.net | June 26, 2016 |
| 52.27.128.59 | ec2-52-27-128-59.us-west-2.compute.amazonaws.com | July 7, 2015 |
| 52.27.128.56 | ec2-52-27-128-56.us-west-2.compute.amazonaws.com | July 7, 2015 |
| 52.27.128.62 | ec2-52-27-128-62.us-west-2.compute.amazonaws.com | July 7, 2015 |
Downloads
File downloads found at URLs served by a.arthistory.work.
1 / 68 (Malware)
(1sistembilanganreal.pdf.exe)
1 / 68 (Malware)
(2fungsidangrafik.pdf.exe)
1 / 68 (Malware)
(5turunanfungsi.pdf.exe)
4 / 68 (PUP)
(7teoremarantai.pdf.exe)
4 / 68 (PUP)
(6turunanfungsitrigonometri.pdf.exe)
1 / 68 (Malware)
(captain claw game.exe)
1 / 68 (Malware)
(download.exe)
1 / 68 (Malware)
(ddr professional recovery 4.0.1.6 torrent.rar.exe)
Network Communications
The following 3 files have been seen to communicate with a.arthistory.work in live environments.
| Protocol | Remote address | Process |
|---|---|---|
| TCP | 50.63.202.92:80 | UCBrowser.exe (UC Browser by UCWeb) |
| TCP | 52.27.128.56:80 | updating.exe |
| TCP | 52.27.128.59:80 | download.exe |
| TCP | 52.27.128.62:80 | updating.exe |