lp002.blupak.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain lp002.blupak.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Zurich, Zurich, Switzerland, on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Zurich, Switzerland (CH)

Create date:
Wednesday, March 27, 2013

Expires date:
Sunday, March 27, 2016

Updated date:
Monday, May 11, 2015

ASN:
AS19905 NEUSTAR-AS6 - NeuStar, Inc.,US

Root domain:

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.BluPakSoftware.Installer (M), PUP.TapGamez.TAPGAMEZ2013.Installer (M), PUP.TapGamez.TapGamez2013.Installer (M), PUP.BluPakSo.Installer (M), PUP.TapGamez.Installe.Installer (M), PUP.TapGamez (M)
100.00%

ESET NOD32
Win32/Adware.TrueDownloader.A application
41.18%

avast!
Win32:Adware-gen [Adw], Win32:Malware-gen
41.18%

VIPRE Antivirus
Threat.5065747
41.18%

K7 AntiVirus
Adware
41.18%

Agnitum Outpost
PUA.TrueDownloader
41.18%

Avira AntiVirus
ADWARE/TrueDownloader.Gen, TR/Agent.386648, Adware/TrueDown.glo, TR/Kazy.kjh
41.18%

IKARUS anti.virus
PUA.TrueDownloader, Trojan.Kazy
41.18%

AVG
Generic, Generic6
41.18%

SUPERAntiSpyware
Trojan.Agent/Gen-Kazy
23.53%

McAfee
Program.PUP-FUS
17.65%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.176518
17.65%

Dr.Web
Adware.Downware.9723, Adware.Downware.10581, Adware.Downware.10890
17.65%

F-Secure
Gen:Variant.Adware.Graftor
17.65%

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.176518
17.65%

The domain lp002.blupak.com has been seen to resolve to the following 2 IP addresses.

May 19, 2016

August 11, 2015

File downloads found at URLs served by lp002.blupak.com.


The following 5 files have been seen to communicate with lp002.blupak.com in live environments.

URL:
http://lp002.blupak.com/

Title:
“blupak.com”

Web server:
Apache