The domain downprov1.amber1graph.com, registered to Whois Privacy Corp., was first registered in January 2015 through TLD REGISTRAR SOLUTIONS LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Singapore (SG) on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed DNS and reverse-proxy service that fronts the origin with a number of shared proxy IP addresses (see below), so the addresses the name resolves to belong to CloudFlare rather than to the origin host.
Registrant: Whois Privacy Corp.
Registrar: TLD REGISTRAR SOLUTIONS LTD
Server location: Singapore, Singapore (SG)
Create date: Saturday, January 10, 2015
Expires date: Sunday, January 10, 2016
Updated date: Friday, January 30, 2015
ASN: AS13335 CLOUDFLARENET - CloudFlare, Inc., US
Scanner detections: 67% detected

| Scan engine | Details | Detections |
|---|---|---|
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra, Threat.4657539 | 95.24% |
| Comodo Security | Application.Win32.LoadMoney.IARS | 76.19% |
| AhnLab V3 Security | PUP/Win32.Amonetize | 57.14% |
| avast! | Win32:Rootkit-gen [Rtk], Adware-gen [Adw], Malware-gen, Win32:Malware-gen | 47.62% |
| Trend Micro House Call | Suspicious_GEN.F47V0131, Suspicious_GEN.F47V0201, Suspicious_GEN.F47V0129, Suspicious_GEN.F47V0202, TROJ_GEN.R021C0ECL15 | 42.86% |
| Baidu Antivirus | PUA.Win32.Amonetize, Adware.Win32.Amonetize | 38.10% |
| ESET NOD32 | Win32/Amonetize.DJ potentially unwanted, Win32/Amonetize.DK potentially unwanted | 33.33% |
| Kaspersky | UDS:DangerousObject.Multi.Generic, not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.Amonetize | 28.57% |
| Panda Antivirus | Generic Suspicious, Trj/CI.A | 23.81% |
| ESET NOD32 | Win32/Amonetize.DK potentially unwanted application | 23.81% |
| Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen, HEUR/QVM42.0.Malware.Gen, Win32/Virus.Adware.7ba, Win32/Virus.Adware.8db | 19.05% |
| Avira AntiVirus | Adware/Amonetize.304109, Adware/Amonetize.kpa, Adware/Amonetize.304042, Adware/Amonetize.304395 | 19.05% |
| McAfee | Artemis!C7FFA2AA4F4C, Artemis!343FC18A3C61, Artemis!C5321B68A28B, RDN/Generic PUP.x!c2m | 19.05% |
| Reason Heuristics | Adware.Bundler, PUP.Amonetize, Adware.Amonetize.ET (M) | 14.29% |
| K7 AntiVirus | Unwanted-Program, Trojan | 14.29% |
The domain downprov1.amber1graph.com has been seen to resolve to the following 4 IP addresses.
File downloads found at URLs served by downprov1.amber1graph.com.
URL: http://downprov1.amber1graph.com/
SSL certificate subject: CN=sni21141.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
SSL certificate issuer: CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Web server: cloudflare-nginx