lp.vaudix.com

Cyber Soft Group Ltd.

Domain Information

The domain lp.vaudix.com, registered by Cyber Soft Group Ltd., was initially registered in May of 2012 through NETEARTH ONE INC. D/B/A NETEARTH. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Portland, Oregon, United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform in the US West (Oregon) region datacenter.
Remove Malware from lp.vaudix.com - Powered by Reason Core Security
Registrar:
NETEARTH ONE INC. D/B/A NETEARTH

Server location:
Oregon, United States (US)

Create date:
Friday, May 04, 2012

Expires date:
Wednesday, May 04, 2016

Updated date:
Tuesday, April 22, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

Scanner detections:
Detections  (96% detected)

Scan engine | Details | Detections
Avira AntiVirus | W32/Sality.AT, Adware/InstallRex.bza, Adware/InstalleRex.MOL, Adware/InstallRex.Q, Adware/InstallRex.X, TR/Rogue.9595794 | 91.30%
Dr.Web | Win32.Sector.21, Adware.Downware.1719, Adware.Downware.1541, Trojan.WebPick.4, Adware.Downware.1442, Trojan.WebPick.29, Trojan.Crossrider.36840 | 91.30%
Reason Heuristics | Adware.WebPick.Installer.I, PUP.Optional.Installer.I, PUP.Installer.SergeyPetrov.I, Threat.Win.Reputation.IMP, Adware.WebPick.Installer (M) | 91.30%
avast! | Win32:InstalleRex-AR [PUP], Win32:InstalleRex-AI [PUP], Win32:InstalleRex-Z [PUP], Win32:InstalleRex-BI [PUP], Win32:InstalleRex-BM [PUP], Win32:MultiPlug-ZD [PUP] | 91.30%
Vba32 AntiVirus | Downware.TSU, Downloader.AdLoad, Heur.Malware-Cryptor.Multiplug, suspected of Heur.Malware-Cryptor.Multiplug | 91.30%
Malwarebytes | PUP.Optional.InstalleRex, PUP.Optional.Tarma, PUP.Optional.Installrex, PUP.Optional.AppReady, PUP.Optional.Bundler | 86.96%
Kaspersky | not-a-virus:Downloader.Win32.AdLoad, Trojan.Win32.AntiFW, not-a-virus:HEUR:Downloader.Win32.AdLoad, not-a-virus:AdWare.Win32.MultiPlug | 86.96%
NANO AntiVirus | Riskware.Win32.Downware.cscobj, Riskware.Win32.Downware.ctkpgq, Riskware.Win32.Downware.csjrze, Riskware.Win32.Downware.ctkpgl | 86.96%
Comodo Security | Application.Win32.InstalleRex.KG, Application.Win32.InstalleRex.LL, Application.Win32.AdWare.MultiPlug.VA | 86.96%
G Data | Trojan.Generic.10213271, Trojan.Generic.10451592, Win32.Application.InstalleRex, Trojan.Generic.10396428, Win32.Application.EZDownloader | 86.96%
Rising Antivirus | PE:PUF.InstallRex!1.9E4C, PE:Malware.Adload!6.126C, PE:Trojan.AntiFW!6.19C9, PE:Malware.InstallRex!6.3DD, PE:Malware.InstallRex!6.10EC | 86.96%
AVG | MalSign.Generic, MalSign.Skodna, InstallRex.2ef, Adware Skodna.Generic.ANR, Adware Generic6.IKT | 86.96%
K7 AntiVirus | Trojan, Unwanted-Program | 86.96%
McAfee | PUP-FFQ!304C1765A86C, PUP-FHQ!685E6BA63DE7, PUP-FHQ!1F4116E31906, PUP-FDX!B50872A2FFF2, PUP-FHQ!8151E1D4CEB2, PUP-FHQ!2DAFEC145420 | 82.61%
K7 Gateway Antivirus | Unwanted-Program | 82.61%

The domain lp.vaudix.com has been seen to resolve to the following 10 IP addresses.


File downloads found at URLs served by lp.vaudix.com.


The following 3 files have been seen to communicate with lp.vaudix.com in live environments.

URL:
http://lp.vaudix.com/

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=sni67844.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
ngx_openresty (PHP/5.4.37)

Facebook:
Shares:  1
Comments:  2

Statistics are for the previous month.
