home

ttb.lpcloudbox300.com

Milen Radumilo

Domain Information

The domain ttb.lpcloudbox300.com registered by Milen Radumilo was initially registered in May of 2016 through TUCOWS DOMAINS INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.
Registrar:
TUCOWS DOMAINS INC.

Server location:
Victoria, Australia (AU)

Create date:
Tuesday, May 31, 2016

Expires date:
Wednesday, May 31, 2017

Updated date:
Wednesday, September 14, 2016

ASN:
AS133618 TRELLIAN-AS-AP Trellian Pty. Limited,AU

Root domain:
lpcloudbox300.com

Whois:
1 lpcloudbox300.com record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Win16.Generic
100.00%

The domain ttb.lpcloudbox300.com has been seen to resolve to the following IP address.

103.224.182.241
lb-182-241.above.com
September 15, 2016

File downloads found at URLs served by ttb.lpcloudbox300.com.

1 / 68      (Malware)
http://ttb.lpcloudbox300.com/download/request/.../v5n2NYZC?__tc=1394474084.376&lpsl=d779533ce35a90676a11ade988b6793f&expire=1394492080&tgu_src_lp_domain=www.ultimateplayersetup.com&CID=272541&ClickID=03_116506213_149d1cf8-9dc6-4d5b-8254-c38238604950&AffliateReferenceID=ams1CJv5htT5t9bYVhACGOSb8pnonIL9MiIMODQuMTI0LjI0NS44KAEw1fj3mAU.&fileName=Player_Setup  (player setup.exe)

The following 12 files have been seen to comunicate with ttb.lpcloudbox300.com in live environments.

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
uplus.exe (LoadMoneyWebSite)

TCP » 103.224.182.241:80
7tkkmsa v1.5.1.exe (KMS Activator by 7pm Tech)

TCP » 103.224.182.241:80
y03fd24.tmp

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
torrent-search.exe (torrent-search)

TCP » 103.224.182.241:3000
dopipjen.exe

TCP » 103.224.182.241:80
online-guardian-v2.0.9.exe

TCP » 103.224.182.241:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 103.224.182.241:80
skype_addon.crx

TCP » 103.224.182.241:3000
fzegwzshmv.exe (Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm by Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv)

TCP » 103.224.182.241:3000
fuheabyq.exe

URL:
http://ttb.lpcloudbox300.com/

Title:
“lpcloudbox300.com”

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.