The domain ttb.lpdownclsva001.com is registered by proxy through SOLUCIONES CORPORATIVAS IP,SLU and was originally registered in January of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrant:
Only contact by email, all postal mail will be rejected
Registrar:
SOLUCIONES CORPORATIVAS IP,SLU
Server location:
Oregon, United States (US)
Create date:
Wednesday, January 1, 2014
Expires date:
Thursday, January 1, 2015
Updated date:
Wednesday, January 1, 2014
Scanner detections:
Detections (90% detected)
Scan engine
Details
Detections
Reason Heuristics
PUP.tuguusl.N, PUP.Installer.Tuguu, PUP.Tuguu.tuguusl.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.Amonitize.Installer (M), PUP.Air Software.AirSoftware.Bundler (M)
100.00%
Malwarebytes
PUP.Optional.BundleInstaller.A, PUP.Optional.AirAdInstaller
22.22%
NANO AntiVirus
Riskware.Win32.DomaIQ.csmcgi, Trojan.Win32.PayInt.csffwn, Riskware.Win32.AirAdInstaller.cwbkcs
22.22%
avast!
Win32:PUP-gen [PUP], Win32:DomaIQ-CM [PUP], Win32:Installer-L [PUP]
22.22%
Dr.Web
Trojan.PayInt.27, Trojan.PayInt.14, Adware.Downware.2035
22.22%
VIPRE Antivirus
Win32.Malware!Drop, Threat.4783262, Threat.4783235, Iminent
22.22%
McAfee
RDN/Generic.bfr!fq, Program.Adware-DomaIQ, CryptDomaIQ
16.67%
F-Prot
W32/Backdoor2.HTIW, W32/DomaIQ.B.gen
16.67%
Kaspersky
not-a-virus:AdWare.Win32.DomaIQ, not-a-virus:AdWare.Win32.AirAdInstaller
16.67%
Comodo Security
Application.Win32.DomaIQ.D, Application.Win32.DomaIQ.STX, Application.Win32.AirAdInstaller.A
16.67%
Avira AntiVirus
APPL/DomaIQ.AV, PUA/DomaIQ.Gen, ADWARE/Adware.Gen
16.67%
Sophos
DomainIQ pay-per install, PUA 'DomainIQ pay-per install', AirInstaller
16.67%
Vba32 AntiVirus
BScope.Downware.DomaIQ, AdWare.AirAdInstaller.ajov
16.67%
AVG
Skodna.Generic_r, Adware Skodna.Generic_r.IA
16.67%
K7 AntiVirus
Riskware , Unwanted-Program
16.67%
The domain ttb.lpdownclsva001.com has been seen to resolve to the following 2 IP addresses.
ec2-54-213-33-153.us-west-2.compute.amazonaws.com
May 1, 2014
ec2-54-218-45-67.us-west-2.compute.amazonaws.com
January 12, 2014
File downloads found at URLs served by ttb.lpdownclsva001.com.