musicdoldin.net

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain musicdoldin.net is registered by proxy through NAME.COM, INC. and was originally registered in March of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
NAME.COM, INC.

Server location:
Oregon, United States (US)

Create date:
Thursday, March 27, 2014

Expires date:
Friday, March 27, 2015

Updated date:
Saturday, May 10, 2014

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.WebPick.Installer.I, Adware.WebPick.Installer.i, Adware.WebPick.Installer.DD, Adware.WebPick.Installer.?, Adware.WebPick.Installer.r, Adware.WebPick.Installer (M), Adware (M)
100.00%

McAfee
PUP-FHQ!B11EF13D23BE, PUP-FHQ!EB5AD95C80B9, PUP-FHQ!392DC566084C, PUP-FHQ!1676FE22ED17, Program.PUP-FHQ
50.00%

Malwarebytes
PUP.Optional.InstalleRex
50.00%

Kaspersky
Trojan.Win32.AntiFW
50.00%

Comodo Security
Application.Win32.InstalleRex.KG
50.00%

VIPRE Antivirus
Trojan.Win32.Generic, Installerex/WebPick, Threat.4150696
50.00%

McAfee Web Gateway
PUP-FHQ!B11EF13D23BE, PUP-FHQ!EB5AD95C80B9, Heuristic.LooksLike.Win32.Suspicious.B, PUP-FHQ!1676FE22ED17, BehavesLike.Win32.Downloader.fc
50.00%

Kingsoft AntiVirus
Win32.Troj.AntiFW.b.(kcloud)
50.00%

G Data
Win32.Application.InstalleRex, Gen:Variant.Application.Strictor.58380
50.00%

AhnLab V3 Security
PUP/Win32.TSULoader
50.00%

Vba32 AntiVirus
Downloader.AdLoad, AdWare.Agent
50.00%

Rising Antivirus
PE:PUF.InstallRex!1.9E4C, PE:Trojan.DL.Win32.AntiFW.a!1075355932
50.00%

Quick Heal
Trojan.AntiFW.A5
41.67%

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot
41.67%

Norman
Genome.GR, Gen:Variant.Application.Strictor.58380
41.67%

The domain musicdoldin.net has been seen to resolve to the following 3 IP addresses.

ec2-54-186-53-99.us-west-2.compute.amazonaws.com
September 15, 2014

May 14, 2014

May 14, 2014

File downloads found at URLs served by musicdoldin.net.

The following file have been seen to comunicate with musicdoldin.net in live environments.

URL:
http://musicdoldin.net/

Title:
“Welcome to nginx!”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
cloudflare-nginx