home

lp.vaudix.com

Cyber Soft Group Ltd.

Domain Information

The domain lp.vaudix.com registered by Cyber Soft Group Ltd. was initially registered in May of 2012 through NETEARTH ONE INC. D/B/A NETEARTH. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.
Registrar:
NETEARTH ONE INC. D/B/A NETEARTH

Server location:
Victoria, Australia (AU)

Create date:
Friday, May 4, 2012

Expires date:
Wednesday, May 4, 2016

Updated date:
Tuesday, April 22, 2014

ASN:
AS133618 TRELLIAN-AS-AP Trellian Pty. Limited,AU

Root domain:
vaudix.com

Whois:
3 vaudix.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer (M), Adware.Amonetize.Meta (M), Adware (M), Threat.Win.Reputation.IMP
96.00%

Microsoft Security Essentials
Threat.Undefined
4.00%

avast!
Win32:Agent-AYLT [PUP]
4.00%

F-Secure
Variant.Razy.44563
4.00%

Emsisoft Anti-Malware
Gen:Variant.Razy.44563, Gen:Variant.Adware.Mplug.21
4.00%

Norman
Gen:Variant.Razy.44563
4.00%

ESET NOD32
Win32/Adware.MultiPlug.DZ application
4.00%

Dr.Web
Trojan.Crossrider.36840
4.00%

Kaspersky
not-a-virus:HEUR:AdWare.Win32.MultiPlug
2.00%

The domain lp.vaudix.com has been seen to resolve to the following 16 IP addresses.

103.224.182.241
lb-182-241.above.com
September 17, 2016

185.53.179.8
September 15, 2016

185.53.179.12
July 13, 2016

185.53.179.23
July 11, 2016

141.8.225.63
July 10, 2016

80.251.18.8
May 17, 2016

52.26.71.172
ec2-52-26-71-172.us-west-2.compute.amazonaws.com
August 11, 2015

52.27.166.51
ec2-52-27-166-51.us-west-2.compute.amazonaws.com
August 11, 2015

52.27.146.26
ec2-52-27-146-26.us-west-2.compute.amazonaws.com
August 11, 2015

54.69.104.255
ec2-54-69-104-255.us-west-2.compute.amazonaws.com
May 6, 2015

104.28.6.18
September 11, 2014

104.28.7.18
September 11, 2014

108.162.198.182
(CloudFlare)
June 21, 2014

108.162.199.182
(CloudFlare)
June 21, 2014

54.200.139.91
ec2-54-200-139-91.us-west-2.compute.amazonaws.com
February 17, 2014

54.200.227.23
ec2-54-200-227-23.us-west-2.compute.amazonaws.com
January 10, 2014

File downloads found at URLs served by lp.vaudix.com.

1 / 68      (Malware)
http://lp.vaudix.com/.../Download.exe  (2d793d8cb541bac46b3f3adc719e7ac7)

1 / 68      (PUP)
http://lp.vaudix.com/.../  (download__15022_i1600876376_il26.exe.rar)

The following 16 files have been seen to comunicate with lp.vaudix.com in live environments.

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
uplus.exe (LoadMoneyWebSite)

TCP » 103.224.182.241:80
7tkkmsa v1.5.1.exe (KMS Activator by 7pm Tech)

TCP » 103.224.182.241:80
y03fd24.tmp

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
torrent-search.exe (torrent-search)

TCP » 103.224.182.241:3000
dopipjen.exe

TCP » 103.224.182.241:80
online-guardian-v2.0.9.exe

TCP » 103.224.182.241:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 103.224.182.241:80
skype_addon.crx

TCP » 103.224.182.241:3000
fzegwzshmv.exe (Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm by Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv)

TCP » 103.224.182.241:3000
fuheabyq.exe

TCP » 185.53.179.12:80
chrome.crx

TCP » 54.69.104.255:80
tmp781a.tmp

TCP » 54.69.104.255:80
tmp5600.tmp

TCP » 54.69.104.255:80
tmp61f7.tmp

URL:
http://lp.vaudix.com/

SSL certificate subject:
CN=sni67844.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
ngx_openresty (PHP/5.4.37)

Facebook:
Shares:  1
Comments:  2

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.