» www.grabapplicationapps.com
Overview
Analysis
IPs Addresses (6)
Downloads (9)
Network (6)

www.grabapplicationapps.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

grabapplicationapps.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallCore.AVSoftwa.Installer (M), PUP.InstallCore.EST (M)

100.00%

avast!

Win32:Trojan-gen

11.11%

ESET NOD32

Win32/InstallCore.ACY.gen potentially unwanted application

11.11%

The domain www.grabapplicationapps.com has been seen to resolve to the following 6 IP addresses.

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

May 16, 2016

File downloads found at URLs served by www.grabapplicationapps.com.

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=gmnBk B95oROiOdD 7ZrxjA1DtM Yy2zYsAgY6 h9Sw=&c=/THZmVfICdBUSwdoVy3qeyhTeFV3fPYRYS8Vx9/r8nMpxN0WUDu59Bd67i8mK5Fz5UzZnTjIcj23Ig2GvrV9IBD09kYEz JHiasS2tApy0wnnikgtqb8IdOs8vPwyPIm&downloadAs=ZRAT10.exe&fallback_url=http://.../get.php?file=f4d9a8f0&m3 (bdd8080a2657961568edfe141d9a4da3)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=RZnJC6a5EAVTz2IpfaCxVvn mSWiJ9XCI6w6lvjGSXU=&c=rGzXUkW48NFBWfOugxK4GMRqdYLkUIuBxxwbQmXtL xbEpfLQeVABZnDOxCXpe9VEWrhWdtDoQ8/e0zRv/7iR12gUvCj1BCrc9X1b3Wyg FQPQsarJd7Nn2XUyvY/oK3&downloadAs=Urban_FreeStyle_Socc.exe&fallback_url=http://.../get.php?file=727d6655&m3 (a0864cd994e5053ba3edbc79bd3a0296)

3 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=B/CzbjS82H3S7iztztgbokuuh/8HvUrDbnK6EHaz26U=&c=jgmmEuoa 9oIDhup0qLMTBtCEYrcoM8svExedpAYsahqs/58fHF29GU2CGKMSAhf ja6gwHD3kimwpM5QnUYPwHOUuwkfJc4vjl2AAjhWsqlEZCX3MlNEwQ1xV4iSAhT&downloadAs=VirtualHottie2__-_ww.exe&fallback_url=http://.../get.php?file=32d89de5&m3 (ab98491a158d5202e0320ebf551fe76e)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=Trs3jhsIlcW9DXXu9nl8KKZVrNb3EzdrhjjBk/Ut8Zc=&c=GZVzDB3rh uSVFv3q/Gx89fb nLeGJu boXQ3X1ltLK/1rrzekbXio8FxxwsrVZUF9T52HFT9qy9XJr01cG42peKcfhO6NOpxw/Eec99DuxyywT9SXjUN0HJdNHAk0 N&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe (1eb4dd599253b897a3d4ee4fc1e218f7)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=VCwgPh2axHBFEQG1aeHgcvTpf9cWac56ru7TxzOf0RQ=&c=Kg33eg5FsDKbL4z5jQxjphSlEZhYw3 LIApgCwGpm2JCipZ0KOZkQ3ChgGU Z4AU39X TwsOC/Q/c0Co4jH/T879uFw0mpRNaM1gL0MJvuXkCfLcN0VRUmy6Cr708Bop&downloadAs=Crack_UZ1.exe&fallback_url=http://.../get.php?file=bd0a65cb&m3 (7e5f42e968f7ccd0250295af9762dfb5)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x= 3DzZ6B9LnR8o2ofze Lnccb/Awv8M5vjsM8h CXFus=&c=88FlZ ExONKqBHO0sfYzbJGS8p64h6oCTrJibCK8MWgihbqYMvoD2F6NMNgbvFFvAMRNlomt2INeJ7 yzZkxqqAkeFZzWt9CF5qsS09Xpx/nNg4qzSsPr1pyoyrprKgo&downloadAs=JIFFY_WAYT_-_SWISH_U.exe&fallback_url=http://.../get.php?file=94e718a6&m3 (29999f74090869cc36f64f2bec2ea2e0)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=irQeckztxAeykPMpT3fb5s/G8l1EcYLMarXM8U/pSg4=&c=AHdrXOpSFh7qhf8KvEMPcsfQUdfLclgFblYX3eL3y7S59KXB4349yl0lW/9Q02SNRtg5yK8xiTzjfl78T7UOaxSoXWwpaKWQ8lQmCG28gLR PvXSN1N7vjkLHlppPcBx&downloadAs=131313.exe&fallback_url=http://.../get.php?file=a62a645c&m3 (63bb6a9b79055ef60d6bbcb468a270c4)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=JRHMK80WTfuSeUb5LQ59DfdaO/xjcfbkD2jt8eRfbCs=&c=uq0OfCO7C9Nmg7XHDAfJdz7kcAzDGC/QdSgAMePABEewdLuynxJ89W7Z4FvAQKZsm FAl9k1sO1M91ALUcS0E/25GW/AyFjyp7T/ZyMBKV1Kw6ntcq3e BrCKI15VbBp&downloadAs=DokDo_Windows81_Pro_.exe&fallback_url=http://.../get.php?file=2981a11e&m3 (f8b23574fccf10e0c9b8625de56bbe4c)

1 / 68 (PUP)

http://www.grabapplicationapps.com/c?x=Qn6TRNRm32Zr6ItQzjc rOMJ9Eij66/lkQtrX54qvnQ=&c=rbTP oKunGiSztLny8Jg77BUy8iH8wyTGLzkR6THG4j1LLwmr4Aqh67jUM3QJkVd1raZbZ786OY5vuLyrjnJa0BSXT6pTnbOIIe6w7OEh/vOXsDwjy9pYvu5PB9wyfwK&downloadAs=UltraISOPremiumEditi.exe&fallback_url=http://.../get.php?file=82d5e1e9&m3 (61a59c083afcb99ef7c78e06ee67db02)

The following 6 files have been seen to comunicate with www.grabapplicationapps.com in live environments.

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.