ttb.lpdownclsva001.com

Only contact by email, all postal mail will be rejected  (Proxy Registrant)

Domain Information

The domain ttb.lpdownclsva001.com is registered by proxy through SOLUCIONES CORPORATIVAS IP,SLU and was originally registered in January of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
SOLUCIONES CORPORATIVAS IP,SLU

Server location:
Oregon, United States (US)

Create date:
Wednesday, January 01, 2014

Expires date:
Thursday, January 01, 2015

Updated date:
Wednesday, January 01, 2014

Root domain:

Scanner detections:
Detections  (90% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.tuguusl.N, PUP.Installer.Tuguu, PUP.Tuguu.tuguusl.Bundler (M), PUP.Outbrowse.Bundler (M), PUP.Amonitize.Installer (M), PUP.Air Software.AirSoftware.Bundler (M)
100.00%

Malwarebytes
PUP.Optional.BundleInstaller.A, PUP.Optional.AirAdInstaller
22.22%

NANO AntiVirus
Riskware.Win32.DomaIQ.csmcgi, Trojan.Win32.PayInt.csffwn, Riskware.Win32.AirAdInstaller.cwbkcs
22.22%

avast!
Win32:PUP-gen [PUP], Win32:DomaIQ-CM [PUP], Win32:Installer-L [PUP]
22.22%

Dr.Web
Trojan.PayInt.27, Trojan.PayInt.14, Adware.Downware.2035
22.22%

VIPRE Antivirus
Win32.Malware!Drop, Threat.4783262, Threat.4783235, Iminent
22.22%

McAfee
RDN/Generic.bfr!fq, Program.Adware-DomaIQ, CryptDomaIQ
16.67%

F-Prot
W32/Backdoor2.HTIW, W32/DomaIQ.B.gen
16.67%

Kaspersky
not-a-virus:AdWare.Win32.DomaIQ, not-a-virus:AdWare.Win32.AirAdInstaller
16.67%

Comodo Security
Application.Win32.DomaIQ.D, Application.Win32.DomaIQ.STX, Application.Win32.AirAdInstaller.A
16.67%

Avira AntiVirus
APPL/DomaIQ.AV, PUA/DomaIQ.Gen, ADWARE/Adware.Gen
16.67%

Sophos
DomainIQ pay-per install, PUA 'DomainIQ pay-per install', AirInstaller
16.67%

Antiy Labs AVL
AdWare/MSIL.DomaIQ, GrayWare[AdWare:not-a-virus]/MSIL.DomaIQ, Trojan[:HEUR]/Win32.AGeneric
16.67%

Vba32 AntiVirus
BScope.Downware.DomaIQ, AdWare.AirAdInstaller.ajov
16.67%

AVG
Skodna.Generic_r, Adware Skodna.Generic_r.IA
16.67%

The domain ttb.lpdownclsva001.com has been seen to resolve to the following 2 IP addresses.

ec2-54-213-33-153.us-west-2.compute.amazonaws.com
May 1, 2014

ec2-54-218-45-67.us-west-2.compute.amazonaws.com
January 12, 2014

File downloads found at URLs served by ttb.lpdownclsva001.com.