ttb.lpcloudsvr302.com

GoNameSales.com

Domain Information

The domain ttb.lpcloudsvr302.com, registered by GoNameSales.com, was initially registered in March of 2015 through SOLUCIONES CORPORATIVAS IP, SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Vitoria-Gasteiz, Pais Vasco, Spain, on the RIPE Network Coordination Centre network.
Remove Malware from ttb.lpcloudsvr302.com - Powered by Reason Core Security
Registrar:
GONAME-FL.COM, INC.

Server location:
Pais Vasco, Spain (ES)

Create date:
Thursday, March 05, 2015

Expires date:
Saturday, March 05, 2016

Updated date:
Thursday, March 05, 2015

ASN:
AS57910 SCIP-AS Soluciones Corporativas IP, SL,ES

Root domain:

Google Safe Browsing:
malware

Scanner detections:
Detections  (96% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Optional.Installer.R, PUP.Installer.TuguuIsrael.F, PUP.Installer.SoftpulseSLU.F, PUP.Installer.Binaritpersonalcomputerperipheralequipment.F, PUP.Installer.Binaritpersonalcomputerperipheralequipment.M, PUP.Installer.TuguuIsrael.M, Threat.Win.Reputation.IMP, PUP.Installer.TUGUUSL.F, PUP.Air Software.Bundler, PUP.Tuguu.TuguuIsrael.Bundler (M), PUP.Binaritpersonalcomputerperipheralequipment.Installer (M), PUP.Outbrowse.Bundler (M), PUP.InstallCore.Installer.Installer (M), PUP.Adknowledge.FUSIONINSTALL.Installer (M), PUP.Binaritpersonalcomputerperipheralequipment (M), PUP.Air Software.AirSoftware.Bundler (M), PUP.Tuguu.TuguuSL.Bundler (M), PUP.Softpulse.DigitalPluginSl.Bundler (M) | 100.00% |
| K7 AntiVirus | Unwanted-Program, Trojan, Adware | 47.83% |
| K7 Gateway Antivirus | Unwanted-Program, Trojan | 47.83% |
| Sophos | DomainIQ pay-per install, SoftPulse, Generic PUA DB, PUA 'DomainIQ pay-per install', PUA 'Download Assistant' (of type Adware) | 45.65% |
| NANO AntiVirus | Riskware.Win32.DomaIQ.csmcgi, Riskware.Win32.DomaIQ.cspmgz, Riskware.Win32.PayInt.cslfta, Riskware.Win32.PayInt.cskovl, Trojan.Win32.DomaIQ.cssxal | 43.48% |
| Malwarebytes | PUP.Optional.BundleInstaller.A, PUP.Optional.DomaIQ, PUP.Optional.HDPlayer, Trojan.Agent, PUP.Optional.OptimumInstaller.A | 41.30% |
| Agnitum Outpost | PUA.DomaIQ, Riskware.Agent, PUA.Agent, PUA.AirAdInstaller | 41.30% |
| McAfee | Adware-DomaIQ, RDN/Generic.bfr!gc, CryptDomaIQ, Program.CryptDomaIQ, RDN/Generic.bfr!gd, Artemis!5032EA165D47 | 39.13% |
| Dr.Web | Trojan.PayInt.27, Adware.Downware.2011, Trojan.PayInt.14, Program.Unwanted.74, Trojan.DownLoad3.31551, Trojan.Vittalia.30 | 36.96% |
| avast! | PUP-gen [PUP], DomaIQ-BS [PUP], Win32:DomaIQ-CM [PUP], DomaIQ-BD [PUP], DomaIQ-CO [PUP], Win32:DomaIQ-BF [PUP], Win32:DomaIQ-BD [PUP] | 36.96% |
| AVG | Adware Skodna.Generic_r.IA, Adware Skodna.Bundle_r.T, Softpulse, Adware Skodna.Bundle_r.S, Downloader, MalSign.Generic, Adware Generic5 | 36.96% |
| Kaspersky | not-a-virus:AdWare.Win32.DomaIQ, not-a-virus:AdWare.MSIL.DomaIQ, HEUR:Trojan.Win32.Generic, not-a-virus:AdWare.Win32.AirAdInstaller | 36.96% |
| Quick Heal | Adware.Domal.A5, Adware.DomaIQ.BT5, Adware.iBryte.DK4 | 36.96% |
| VIPRE Antivirus | Threat.4783235, Threat.4783262, Threat.4150696, Trojan.Win32.Generic, Optimum Installer | 34.78% |
| Vba32 AntiVirus | BScope.Downware.DomaIQ, suspected of Trojan.Downloader.gen.h, Downloader.DownloadHelper, SScope.Malware-Cryptor.iBryte, AdWare.AirAdInstaller | 34.78% |

The domain ttb.lpcloudsvr302.com has been seen to resolve to the following 9 IP addresses.

| Host | Date |
|---|---|
| custip-2072.sedoparking.com | May 3, 2015 |
| www.renewyourexpireddomain.com | January 11, 2015 |
| ec2-54-201-201-245.us-west-2.compute.amazonaws.com | June 21, 2014 |
| ec2-50-112-177-75.us-west-2.compute.amazonaws.com | May 21, 2014 |
| ec2-54-213-33-153.us-west-2.compute.amazonaws.com | April 11, 2014 |
| ec2-54-244-32-152.us-west-2.compute.amazonaws.com | February 8, 2014 |
| ec2-54-201-202-189.us-west-2.compute.amazonaws.com | February 1, 2014 |
| ec2-54-213-26-135.us-west-2.compute.amazonaws.com | January 17, 2014 |
| ec2-54-218-45-67.us-west-2.compute.amazonaws.com | January 10, 2014 |

File downloads found at URLs served by ttb.lpcloudsvr302.com.

Latest 30 of 66 download URLs

The following files have been seen to communicate with ttb.lpcloudsvr302.com in live environments.

URL:
http://ttb.lpcloudsvr302.com/

Title:
“lpcloudsvr302.com - This website is for sale! - lpcloudsvr302 Resources and Information.”

Description:
“This website is for sale! lpcloudsvr302.com is your first and best source for information about lpcloudsvr302 . Here you will also find topics relating to issues of general interest. We hope you find what you are looking for!”

Web server:
nginx (PHP/5.3.3-7+squeeze28)
