home

ttb.dllultimatesoft.com

GoNameSales.com

Domain Information

The domain ttb.dllultimatesoft.com registered by GoNameSales.com was initially registered in March of 2015 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GONAME-TN.COM, INC.

Server location:
Oregon, United States (US)

Create date:
Thursday, March 5, 2015

Expires date:
Saturday, March 5, 2016

Updated date:
Tuesday, October 13, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
dllultimatesoft.com

Whois:
2 dllultimatesoft.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.PaymentsInteractiveSL.F, PUP.Installer.OUTBROWSE.K, PUP.Installer.DigitalPluginSl.F, PUP.Installer.TUGUUSL.K, PUP.Installer.TuguuSL.K, PUP.Tuguu.TuguuIsrael.Bundler (M)
91.67%

AVG
Adware DomaIQ.CW, Generic, Adware Skodna.Bundle_r.Y
75.00%

Malwarebytes
PUP.Optional.DomaIQ, PUP.Optional.OutBrowse, PUP.Optional.Domalq, PUP.Optional.BundleInstaller.A
75.00%

VIPRE Antivirus
DomaIQ, Threat.4150696, Threat.4784459, Threat.4783262
75.00%

Dr.Web
Adware.Downware.3587, Adware.Downware.2081, Trojan.DownLoader11.29457, Trojan.DownLoader9.21779, Trojan.DownLoader11.4884
75.00%

Avira AntiVirus
APPL/DomaIQ.Gen, APPL/Downloader.Gen, APPL/Downloader.Gen8
75.00%

G Data
Gen:Variant.Application.Bundler.DomaIQ, MemScan:Application.Bundler.Outbrowse, Win32.Application.Outbrowse, Gen:Variant.Application.Strictor.62662
75.00%

MicroWorld eScan
Gen:Variant.Application.Bundler.DomaIQ.7, MemScan:Application.Bundler.Outbrowse.E, Gen:Variant.Application.Strictor.62662
66.67%

McAfee
PUP-FJV!B7C73AFE167C, Adware-OutBrowse, SoftPulse, PUP-FJP!07139B3E6500, CryptDomaIQ, PUP-FJP!592AF1822EE8
66.67%

K7 AntiVirus
Unwanted-Program
66.67%

Kaspersky
not-a-virus:AdWare.Win32.Lollipop, not-a-virus:AdWare.Win32.OutBrowse, not-a-virus:AdWare.Win32.Agent, not-a-virus:AdWare.MSIL.DomaIQ
66.67%

Bitdefender
Gen:Variant.Application.Bundler.DomaIQ.7, MemScan:Application.Bundler.Outbrowse.E, Gen:Variant.Application.Strictor.62662
66.67%

Lavasoft Ad-Aware
Gen:Variant.Kazy.380151, MemScan:Application.Bundler.Outbrowse.E, Gen:Variant.Application.Strictor.62662, Gen:Variant.Strictor.55983
66.67%

F-Secure
Gen:Variant.Application.Bundler, MemScan:Application.Bundler.Outbrowse, Gen:Variant.Application.Strictor, Gen:Variant.Strictor.55983
66.67%

Sophos
Generic PUA FN, OutBrowse Revenyou, Generic PUA JB, DomainIQ pay-per install, Generic PUA FA
66.67%

The domain ttb.dllultimatesoft.com has been seen to resolve to the following 3 IP addresses.

141.8.226.22
December 1, 2015

54.201.201.245
ec2-54-201-201-245.us-west-2.compute.amazonaws.com
September 3, 2014

50.112.177.75
ec2-50-112-177-75.us-west-2.compute.amazonaws.com
May 31, 2014

File downloads found at URLs served by ttb.dllultimatesoft.com.

1 / 68      (Adware)
http://ttb.dllultimatesoft.com/download/request/.../M7gVsA0f?tgu_src_lp_domain=www.dllultimatesoft.com&ClickID=02a43fc024d51d998a31247d38704d99&PubID=CD4298  (player setup.exe)

1 / 68      (Adware)
http://ttb.dllultimatesoft.com/download/request/.../M7gVsA0f?tgu_src_lp_domain=www.dllultimatesoft.com&ClickID=02a43fc024d51d998a31247d38704d99&PubID=CD4298  (player setup.exe)

33 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=97f817111a0899772b29affa1cfb4964&PubID=CD24131  (setup.exe)

33 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=b4392ca48c0601729ebe8da8f9d9b921&PubID=CD11961  (setup.exe)

34 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=b4392ca48c0601729ebe8da8f9d9b921&PubID=CD11961  (setup.exe)

33 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=e2c203ea02fe808bca079a0f3ab82073&PubID=CD24131  (setup.exe)

21 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=e2c203ea02fe808bca079a0f3ab82073&PubID=CD24131  (setup.exe)

23 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=d03a6cca0f575bbec93a912c5a859fe8&PubID=CD11961  (setup.exe)

14 / 68    (PUP)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=e7c0e9778edc1d729efa984c9c7a73fa&PubID=CD11961  (setup.exe)

1 / 68      (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=51f7168fa77a2f52e10a35baa572fcdc&PubID=CD11961  (setup.exe)

15 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=c37c9fc73c53ce80123e14fe0581537e&PubID=CD24131  (setup.exe)

22 / 68    (Adware)
http://ttb.dllultimatesoft.com/download/request/.../umDKC1uh?ClickID=fd226e058a485f548303a665e4d5925a&PubID=CD24131  (setup.exe)

URL:
http://ttb.dllultimatesoft.com/

Title:
“dllultimatesoft.com”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.