home

squid.cluster6.ambergraph.com

Whois Privacy Corp.

Domain Information

The domain squid.cluster6.ambergraph.com registered by Whois Privacy Corp. was initially registered in December of 2014 through TLD REGISTRAR SOLUTIONS LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Singapore, Singapore within Singapore which resides on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name server service which utilizes a number of reverse proxy IP Addresses (see below).
Registrar:
TLD REGISTRAR SOLUTIONS LTD

Server location:
Singapore, Singapore (SG)

Create date:
Wednesday, December 10, 2014

Expires date:
Thursday, December 10, 2015

Updated date:
Wednesday, December 10, 2014

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Root domain:
ambergraph.com

Whois:
1 ambergraph.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

avast!
Win32:Malware-gen
100.00%

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
100.00%

AVG
Generic
100.00%

Reason Heuristics
PUP.Installer.AMGRUP.
100.00%

Bkav FE
HW32.Packed
100.00%

MicroWorld eScan
Trojan.GenericKD.2067331
100.00%

nProtect
Trojan.GenericKD.2067331
100.00%

K7 AntiVirus
Trojan
100.00%

NANO AntiVirus
Trojan.Win32.Adfltnet.dlsvsx
100.00%

Trend Micro House Call
Suspicious_GEN.F47V0107
100.00%

Bitdefender
Trojan.GenericKD.2067331
100.00%

Lavasoft Ad-Aware
Trojan.GenericKD.2067331
100.00%

Emsisoft Anti-Malware
Trojan.GenericKD.2067331
100.00%

F-Secure
Trojan.GenericKD.2067331
100.00%

Dr.Web
Trojan.Adfltnet.70
100.00%

The domain squid.cluster6.ambergraph.com has been seen to resolve to the following 2 IP addresses.

104.28.4.58
May 4, 2015

104.28.5.58
May 4, 2015

File downloads found at URLs served by squid.cluster6.ambergraph.com.

25 / 68    (Adware)
http://squid.cluster6.ambergraph.com/download.php?version=1.1.8.22&campid=10924&instid[appname]=Dual Core Fix.7z_Downloader&instid[appsetupurl]=http://go.bragdownload.com/getfast/download.cgi?9&ti1=2485000&ti2=1&ti3=2015-01-10T09:33:25.322669 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.bragdownload.com/d1/logo150x150.png&prefix=Dual Core Fix.7z&instid[thankyoupage]=http://download.bragdownload.com/.../thank_you.php?ti1=2485000&ti2=1&ti3=2015-01-10T09:33:25.322669 00:00&parameter=Dual Core Fix.7z&instid[interrupted]=http://download.bragdownload.com/.../interrupted.php?ti1=2485000&ti2=1&ti3=2015-01-10T09:33:25.322669 00:00&parameter=Dual Core Fix.7z&ti1=2485000&ti2=1&ti3=2015-01-10T09:33:25.322669 00:00  (standard ide ata atapi controllers__10924_i1440765571_il523012.exe)

URL:
http://squid.cluster6.ambergraph.com/

Web server:
cloudflare-nginx (PHP/5.3.3)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.