downprov1.amber1graph.com

Whois Privacy Corp.

Domain Information

The domain downprov1.amber1graph.com, registered by Whois Privacy Corp., was initially registered in January 2015 through TLD REGISTRAR SOLUTIONS LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Singapore (SG) on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed DNS and reverse-proxy service, so the addresses it resolves to are CloudFlare reverse proxy IP addresses rather than the origin server (see below).
Registrar:
TLD REGISTRAR SOLUTIONS LTD

Server location:
Singapore, Singapore (SG)

Create date:
Saturday, January 10, 2015

Expires date:
Sunday, January 10, 2016

Updated date:
Friday, January 30, 2015

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Root domain:

Scanner detections (67% detected):

Scan engine | Details | Detections
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra, Threat.4657539 | 95.24%
Comodo Security | Application.Win32.LoadMoney.IARS | 76.19%
AhnLab V3 Security | PUP/Win32.Amonetize | 57.14%
avast! | Win32:Rootkit-gen [Rtk], Adware-gen [Adw], Malware-gen, Win32:Malware-gen | 47.62%
Trend Micro House Call | Suspicious_GEN.F47V0131, Suspicious_GEN.F47V0201, Suspicious_GEN.F47V0129, Suspicious_GEN.F47V0202, TROJ_GEN.R021C0ECL15 | 42.86%
Baidu Antivirus | PUA.Win32.Amonetize, Adware.Win32.Amonetize | 38.10%
ESET NOD32 | Win32/Amonetize.DJ potentially unwanted, Win32/Amonetize.DK potentially unwanted | 33.33%
Kaspersky | UDS:DangerousObject.Multi.Generic, not-a-virus:HEUR:AdWare.Win32.Amonetize, not-a-virus:AdWare.Win32.Amonetize | 28.57%
Panda Antivirus | Generic Suspicious, Trj/CI.A | 23.81%
ESET NOD32 | Win32/Amonetize.DK potentially unwanted application | 23.81%
Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen, HEUR/QVM42.0.Malware.Gen, Win32/Virus.Adware.7ba, Win32/Virus.Adware.8db | 19.05%
Avira AntiVirus | Adware/Amonetize.304109, Adware/Amonetize.kpa, Adware/Amonetize.304042, Adware/Amonetize.304395 | 19.05%
McAfee | Artemis!C7FFA2AA4F4C, Artemis!343FC18A3C61, Artemis!C5321B68A28B, RDN/Generic PUP.x!c2m | 19.05%
Reason Heuristics | Adware.Bundler, PUP.Amonetize, Adware.Amonetize.ET (M) | 14.29%
K7 AntiVirus | Unwanted-Program, Trojan | 14.29%

The domain downprov1.amber1graph.com has been seen to resolve to the following 4 IP addresses.

November 13, 2015

November 13, 2015

May 4, 2015

May 4, 2015

File downloads found at URLs served by downprov1.amber1graph.com.

17 / 68    (PUP)
http://downprov1.amber1graph.com/p/.../wii backup launcher 4.2u_10924_i25911992_il345.exe  (microsoft office 2010 gratis en español completo para windows 7 crack_10924_i25910286_il345.exe)

8 / 68      (PUP)
http://downprov1.amber1graph.com/p/.../autodata 3.38 pl crack chomikuj_10924_i26460987_il345.exe  (broken sword 5 episode 2 crack fix_10924_i26460126_il345.exe)

8 / 68      (PUP)

3 / 68      (PUP)
http://downprov1.amber1graph.com/p/.../wooden bbq_10924_i24821932_il345.exe  (winamp pro v5.70.3392 incl.rar_10924_i24817152_il345.exe)

4 / 68      (inconclusive)

4 / 68      (PUP)

6 / 68      (PUP)
http://downprov1.amber1graph.com/p/.../beautiful maria of my soul_10924_i27553993_il345.exe  (driver hp laserjet p2035 win7 64bit_10924_i27549680_il345.exe)

3 / 68      (PUP)

3 / 68      (PUP)

6 / 68      (PUP)

6 / 68      (PUP)

3 / 68      (inconclusive)

3 / 68      (inconclusive)
http://downprov1.amber1graph.com/p/.../frank ocean channel orange datpiff_10924_i27317523_il345.exe  (frank ocean channel orange datpiff_10924_i27317700_il345.exe)

2 / 68      (inconclusive)

2 / 68      (inconclusive)

3 / 68      (inconclusive)

3 / 68      (inconclusive)
http://downprov1.amber1graph.com/p/.../halo 3 blender models_10924_i26858071_il345.exe  (portrait professional studio 9 keygen_10924_i26858492_il345.exe)

11 / 68    (PUP)

14 / 68    (Adware)

7 / 68      (PUP)

6 / 68      (PUP)

6 / 68      (PUP)

1 / 68      (inconclusive)

URL:
http://downprov1.amber1graph.com/

SSL certificate subject:
CN=sni21141.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx