home

tex.tlvmedia.com

TLV Media

Domain Information

The domain tex.tlvmedia.com registered by TLV Media was initially registered in June of 2008 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Washington, District of Columbia within the United States which resides on the SoftLayer Technologies Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
District of Columbia, United States (US)

Create date:
Thursday, June 19, 2008

Expires date:
Thursday, April 12, 2018

Updated date:
Saturday, April 18, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
tlvmedia.com

Whois:
2 tlvmedia.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

McAfee
PUP-FBM!C9EA9DCD7BCD, PUP-FBM!EF262E820A91, Artemis!890642133436
100.00%

Malwarebytes
PUP.Optional.Amonetize
100.00%

AhnLab V3 Security
PUP/Win32.Amonetiz
100.00%

Baidu Antivirus
Adware.Win32.Amonetize
100.00%

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Installer.KOMPANIYAR.c, PUP.Installer.KOMPANIYAR.BB
100.00%

Trend Micro House Call
TROJ_GEN.R0C1H06FD14, Suspicious_GEN.F47V0705
75.00%

avast!
Win32:Amonetize-BX [PUP], Win32:Amonetize-CJ [PUP]
75.00%

Sophos
Amonetize, Generic PUA NA
75.00%

Avira AntiVirus
ADWARE/Adware.Gen2, Adware/Graftor.146078.97
75.00%

ESET NOD32
Win32/Amonetize.AW (variant), Win32/Amonetize.BF.gen (variant)
75.00%

AVG
BundleApp_r.R, Generic
75.00%

MicroWorld eScan
Application.Bundler.Amonetize.L, Gen:Variant.Adware.Graftor.146078, Gen:Variant.Application.Bundler.Amonetize.8
75.00%

NANO AntiVirus
Riskware.Win32.Downware.daymkg, Riskware.Win32.Amonetize.dbyopz
75.00%

Bitdefender
Application.Bundler.Amonetize.L, Gen:Variant.Adware.Graftor.146078, Gen:Variant.Application.Bundler.Amonetize.8
75.00%

Agnitum Outpost
PUA.Amonetize
75.00%

The domain tex.tlvmedia.com has been seen to resolve to the following IP address.

50.97.60.43
50.97.60.43-static.reverse.softlayer.com
July 7, 2014

File downloads found at URLs served by tex.tlvmedia.com.

27 / 68    (PUP)
http://tex.tlvmedia.com/texred?subid=23ddc1corXF6b18Ag7v4oKrgBiNzJkNjE5M2Q4NzE0ZGY3YTc1OTk0MzA0MmQwZTQEVg4_DUS_AAEAAAAAAEiXOW8AIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGYHB_ZW4zMgEA&cost=0&ru=http://bidder.tlvmedia.com/.../click.php?subid=23ddc1corXF6b18Ag7v4oKrgBiNzJkNjE5M2Q4NzE0ZGY3YTc1OTk0MzA0MmQwZTQEVg4_DUS_AAEAAAAAAEiXOW8AIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGYHB_ZW4zMgEA&redir=aHR0cDovL3d3dy5uZXctaGRwbHVnaW4uY29tL2RpcmVjdC1kb3dubG9hZC5odG1sP3ZlcnNpb249MS4xLjUuODkmY2k9NzgyNCZjYXBwPUZsYXNoUGxheWVyJnRpMT0kUEFSQU0k&subid2=cf5caHR0cDovL3d3dy54bnh4LmNvbS92aWRlbzMzODE3MTgvc2V4eV9tYXR1cmVfbGFkeV9wbGF5c193aXRoX2hlcl93ZXRfcHVzc3k~&subid2=cf5caHR0cDovL3d3dy54bnh4LmNvbS92aWRlbzMzODE3MTgvc2V4eV9tYXR1cmVfbGFkeV9wbGF5c193aXRoX2hlcl93ZXRfcHVzc3k~  (flashplayer__4072_i844262802_il70.exe)

22 / 68    (Adware)
http://tex.tlvmedia.com/texred?subid=2398ddcorXF6b18Ag7v4oKrgBiNzJkNjE5M2Q4NzE0ZGY3YTc1OTk0MzA0MmQwZTRUqZk_D0S_AAEAAAAAAAgTC28AIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGYHB_ZW4zMgEA&cost=0&ru=http://bidder.tlvmedia.com/.../click.php?subid=2398ddcorXF6b18Ag7v4oKrgBiNzJkNjE5M2Q4NzE0ZGY3YTc1OTk0MzA0MmQwZTRUqZk_D0S_AAEAAAAAAAgTC28AIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGYHB_ZW4zMgEA&redir=aHR0cDovL3d3dy5uZXctaGRwbHVnaW4uY29tL2RpcmVjdC1kb3dubG9hZC5odG1sP3ZlcnNpb249MS4xLjUuODkmY2k9NzgyNCZjYXBwPUZsYXNoUGxheWVyJnRpMT0kUEFSQU0k&subid2=356baHR0cDovL2xhbmthc3RhcnNuZXdzLmJsb2dzcG90LmpwLzIwMTQvMDcvdGhlLW1vdmllLWtvc3RhcGFsLXB1bnlhc29tYS5odG1s&subid2=356baHR0cDovL2xhbmthc3RhcnNuZXdzLmJsb2dzcG90LmpwLzIwMTQvMDcvdGhlLW1vdmllLWtvc3RhcGFsLXB1bnlhc29tYS5odG1s  (tvapp__8821_i1002990161_il9.exe)

13 / 68    (Adware)
http://tex.tlvmedia.com/texred?subid=2335e8zYfXF6b18Ag7v4oKrgBkNzgxZjBjZWEzNTc0NTczODc4ODIxM2Q4NGUyMDQ62JtA0Qq_AAEAAAAAABBwJuMAIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4S6iNZW5RNQEA&cost=0&ru=http://bidder.tlvmedia.com/.../click.php?subid=2335e8zYfXF6b18Ag7v4oKrgBkNzgxZjBjZWEzNTc0NTczODc4ODIxM2Q4NGUyMDQ62JtA0Qq_AAEAAAAAABBwJuMAIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4S6iNZW5RNQEA&redir=aHR0cDovL3d3dy5uZXctaGRwbHVnaW4uY29tL2RpcmVjdC1kb3dubG9hZC5odG1sP3ZlcnNpb249MS4xLjUuODkmY2k9NzgyNCZjYXBwPUZsYXNoUGxheWVyJnRpMT0kUEFSQU0k&subid2=828aaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xyMTZvdjAwbmM1eWNuYS8lJTI1NUIxLjYuNCUlMjU1RCslJTI1NUJGb3JnZSUlMjU1RCtXYWxsK0p1bXArMS4yK2J5K051a2VEdWNrLnppcA~~&subid2=828aaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL2xyMTZvdjAwbmM1eWNuYS8lJTI1NUIxLjYuNCUlMjU1RCslJTI1NUJGb3JnZSUlMjU1RCtXYWxsK0p1bXArMS4yK2J5K051a2VEdWNrLnppcA~~  (flashplayer__4120_i1000047008_il84.exe)

10 / 68    (PUP)
http://tex.tlvmedia.com/texred?subid=236e84zYfXF6b18Ag7v4oKrgBmODMwNWM0NzQ3YzE4ZTE2YWFjNmM3YmVmYmIyYmGl-OpA0Qq_AAEAAAAAABDJ9OMAIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD92Po3ZW5LMwEA&cost=0&ru=http://bidder.tlvmedia.com/.../click.php?subid=236e84zYfXF6b18Ag7v4oKrgBmODMwNWM0NzQ3YzE4ZTE2YWFjNmM3YmVmYmIyYmGl-OpA0Qq_AAEAAAAAABDJ9OMAIgABAAAAAgABAAAADwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD92Po3ZW5LMwEA&redir=aHR0cDovL3d3dy5uZXctaGRwbHVnaW4uY29tL2RpcmVjdC1kb3dubG9hZC5odG1sP3ZlcnNpb249MS4xLjUuODkmY2k9NzgyNCZjYXBwPUZsYXNoUGxheWVyJnRpMT0kUEFSQU0k&subid2=c8bcaHR0cHM6Ly93d3cuZ29vZ2xlLmNvLnVrLyNxPWZ1bGwrZnJlZSthbnRpdmlydXMrZG93bmxvYWQ~&subid2=c8bcaHR0cHM6Ly93d3cuZ29vZ2xlLmNvLnVrLyNxPWZ1bGwrZnJlZSthbnRpdmlydXMrZG93bmxvYWQ~  (flashplayersetup__7824_i848101522_il6.exe)

The following 11 files have been seen to comunicate with tex.tlvmedia.com in live environments.

TCP » 50.97.60.43:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.97.60.43:443
browser.exe (Browser)

TCP » 50.97.60.43:80
browser.exe (Browser)

TCP » 50.97.60.43:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 50.97.60.43:443
apptrailers.exe

TCP » 50.97.60.43:443
browser.exe (Speed Browser by Smart Applications)

TCP » 50.97.60.43:80
client.exe

TCP » 50.97.60.43:80
browser.exe (speed browser by Fast Applications)

TCP » 50.97.60.43:443
online-guardian-v2.0.9.exe

TCP » 50.97.60.43:443
online-guardian-v2.0.9.exe

TCP » 50.97.60.43:80
tmpa921.exe

TCP » 50.97.60.43:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

URL:
http://tex.tlvmedia.com/

Title:
“Test Page for the Nginx HTTP Server on EPEL”

SSL certificate subject:
CN=*.tlvmedia.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc."

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.