files.the-pdf-reader.com

A HAPPY DREAMHOST CUSTOMER

Domain Information

The domain files.the-pdf-reader.com, registered by A HAPPY DREAMHOST CUSTOMER, was initially registered in July of 2012 through DREAMHOST, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dulles, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon CloudFront CDN service, which utilizes a number of proxy IP addresses (see below).

Registrar: DREAMHOST, LLC
Server location: Virginia, United States (US)
Create date: Monday, July 30, 2012
Expires date: Thursday, July 30, 2015
Updated date: Thursday, July 31, 2014
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine              Details                          Detections
Bkav FE                  W32.Clodfaf.Trojan               100.00%
MicroWorld eScan         Adware.Generic.675947            100.00%
McAfee                   Artemis!42CAECC1F811             100.00%
Malwarebytes             PUP.Optional.InstallIQ           100.00%
K7 AntiVirus             Unwanted-Program                 100.00%
Bitdefender              Adware.Generic.675947            100.00%
Lavasoft Ad-Aware        Adware.Generic.675947            100.00%
Sophos                   InstallQ                         100.00%
Comodo Security          Application.Win32.InstallIQ.B    100.00%
F-Secure                 Adware.Generic.675947            100.00%
Dr.Web                   Adware.Downware.1426             100.00%
VIPRE Antivirus          InstallIQ Installer              100.00%
Emsisoft Anti-Malware    Adware.Generic.675947            100.00%
G Data                   Adware.Generic.675947            100.00%
ESET NOD32               Win32/InstallIQ (variant)        100.00%

The domain files.the-pdf-reader.com has been seen to resolve to the following 8 IP addresses.

File downloads found at URLs served by files.the-pdf-reader.com.

20 / 68    (Adware)
http://files.the-pdf-reader.com/7zip14291_1.exe  (42caecc1f8113f2732947845801fa26a)

The following 2 files have been seen to communicate with files.the-pdf-reader.com in live environments.

URL: http://files.the-pdf-reader.com/
Network: Amazon Cloudfront
Web server: AmazonS3