home

c.kindscanmeta.net

Adam Sorin

Domain Information

The domain c.kindscanmeta.net registered by Adam Sorin was initially registered in March of 2015 through TLD REGISTRAR SOLUTIONS LTD. Currently this domain has been known to host various forms of malware. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
TLD REGISTRAR SOLUTIONS LTD

Server location:
Oregon, United States (US)

Create date:
Monday, March 23, 2015

Expires date:
Wednesday, March 23, 2016

Updated date:
Thursday, March 26, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
kindscanmeta.net

Whois:
1 kindscanmeta.net record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Optional.PCUtilities (M)
100.00%

avast!
Win32:MultiPlug-ZC [PUP]
16.67%

Emsisoft Anti-Malware
Gen:Trojan.Heur.JP.!DW@aGT1sDji
16.67%

Lavasoft Ad-Aware
Gen:Trojan.Heur.JP.!DW@aGT1sDji
16.67%

F-Secure
Gen:Trojan.Heur.JP.!DW@aGT1sDji
16.67%

MicroWorld eScan
Gen:Trojan.Heur.JP.!DW@aGT1sDji
16.67%

K7 AntiVirus
Trojan
16.67%

Bitdefender
Gen:Trojan.Heur.JP.!DW@aGT1sDji
16.67%

Avira AntiVirus
TR/Crypt.XPACK.Gen
16.67%

G Data
Gen:Trojan.Heur.JP.!DW@aGT1sDji
16.67%

AhnLab V3 Security
PUP/Win32.MultiPlug
16.67%

Vba32 AntiVirus
suspected of Heur.Malware-Cryptor.Multiplug
16.67%

ESET NOD32
Win32/Adware.MultiPlug.KU (variant)
16.67%

IKARUS anti.virus
PUA.Multiplug
16.67%

AVG
Adware Generic6.ATAU
16.67%

The domain c.kindscanmeta.net has been seen to resolve to the following IP address.

54.69.104.255
ec2-54-69-104-255.us-west-2.compute.amazonaws.com
July 1, 2015

File downloads found at URLs served by c.kindscanmeta.net.

1 / 68      (PUP)
http://c.kindscanmeta.net/de/?q=uJYGAExrsK q5Gr3FHNpTdKBNcG KdVp 8LOaQkMmm6Ecz0psv3f46nzgV/1rmlwuaLH6PvoLb4TzhPOnulnKmHrtCsTnNwCaksMCxzvZ2cw6PKou7H2rRsTtNWbXfLYhR23DOLLK9RolSv5nduHXcn3CSkuWWmcOuspjJOdYLf7bhb 9UowLZm6rh HLVIo4tGB erffbcFnwGNF0uplYoJeKLTjTMz2SHB1OYfKHzohZAVYJwFfIGRpyFjzVercv4qyO5MTnKltq9/CzsDDzrH01Cdj4OKz/G8BjFqA /FRPQSauPS16LQX6HmFrJx8by6/.../eP1HA1HkYOYdzKfVJR9LmAUcMDIJbIMh10SPgIb04k0JMrhKXtLqZLY4EfvkgNbiQ12  (ns414indo-360p-samehadaku.net.exe)

1 / 68      (Malware)
http://c.kindscanmeta.net/v21098?self_redirect=0&product_name= Dark Rift (E) [!]&file_size=&product_title= Dark Rift (E) [!]&installer_file_name= Dark Rift (E) [!]&product_file_name= Dark Rift (E) [!].zip&product_download_url=http://www.loveroms.com/r/Nintendo 64/.../Dark Rift (E) [!].zip  (dark rift (e) [!].exe)

1 / 68      (Malware)
http://c.kindscanmeta.net/de/?q=igNsrbhecVlPhhMhaboUJtnX/d6/YPoQSBtjopSLG3DPnziMibu78RsYf1A8rQ8nUiQ0pbBqgme2Zq6X4V2/RaSqbSJUUXvKcNU18yznO4wyI/DuxBf2pTic2S5Jy5JXPuDuDwLE25UgTn G99rBAd8HfMR2Cxn/9O288dEDqktUicdyedhM6ESd276f/kMVGJ49CCGgWPk6pdoSo zK0I7NJCFA6cN7w3JNrwN/01b2OH4Mmv3n2nDd7wQD7vFxqze/r0oxn7kbTyQ0YzZe4AsqbUL i/T5u1U43z77 b5fpPFx9gbAUczcyiMX/.../hPzHFviYVrAOjleOodno7utaZhr7r8z9W2dIjL5hqumQcHchqJBkadLV72TOuuK8LRVtzbB2cu2facCDfuYMRIZ5w  (acelogix system tuneup v4.8.0.470 serial key by www.pyaephyo.com.exe)

1 / 68      (Malware)
http://c.kindscanmeta.net/v21098?self_redirect=0&product_name= Dragonball Z - the Legacy of Goku 2 &file_size=&product_title= Dragonball Z - the Legacy of Goku 2 &installer_file_name= Dragonball Z - the Legacy of Goku 2 &product_file_name= Dragonball Z - the Legacy of Goku 2 .zip&product_download_url=http://www.loveroms.com/r/Gameboy Advance/.../Dragonball Z - the Legacy of Goku 2 GBA.zip?EsetProtoscanCtx=c383210  (-dragonball z - the legacy of goku 2.exe)

1 / 68      (Malware)
http://c.kindscanmeta.net/v21098?self_redirect=0&product_name= Pokemon - Silver Version (UE) [C][!]&file_size=&product_title= Pokemon - Silver Version (UE) [C][!]&installer_file_name= Pokemon - Silver Version (UE) [C][!]&product_file_name= Pokemon - Silver Version (UE) [C][!].zip&product_download_url=http://www.loveroms.com/r/Gameboy Color/.../Pokemon - Silver Version (UE) [C][!].zip  (-pokemon - silver version (ue) [c][!].exe)

16 / 68    (PUP)
http://c.kindscanmeta.net/v21098?self_redirect=0&product_name= Pokemon Stadium (E) (V1.1) [!]&file_size=&product_title= Pokemon Stadium (E) (V1.1) [!]&installer_file_name= Pokemon Stadium (E) (V1.1) [!]&product_file_name= Pokemon Stadium (E) (V1.1) [!].zip&product_download_url=http://www.loveroms.com/r/Nintendo 64/.../Pokemon Stadium (E) (V1.1) [!].zip  (-pokemon stadium (e) (v1.1) [!].exe)

The following 3 files have been seen to comunicate with c.kindscanmeta.net in live environments.

TCP » 54.69.104.255:80
tmp781a.tmp

TCP » 54.69.104.255:80
tmp5600.tmp

TCP » 54.69.104.255:80
tmp61f7.tmp

URL:
http://c.kindscanmeta.net/

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
ngx_openresty (PHP/5.4.37)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.