home

ttb.lpcloudsvr402.com

Domain Information

Server location:
Northern Ireland, United Kingdom (GB)

Root domain:
lpcloudsvr402.com

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Tuguu.tuguusl.Bundler (M), PUP.NewMedia.NMH.Bundler (M), PUP.Tuguu (M)
100.00%

The domain ttb.lpcloudsvr402.com has been seen to resolve to the following IP address.

92.242.140.21
unallocated.barefruit.co.uk
May 4, 2015

File downloads found at URLs served by ttb.lpcloudsvr402.com.

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390695810.019&subid=3336979944&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390456214.151&subid=3277577620&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../preLs6om?__tc=1390486891.138&SiteID=272&tgu_src_lp_domain=www.filenaut.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390350289.015&subid=3255004386&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390344560.22&subid=3253870848&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390699840.701&subid=3337952944&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../VoPULcim?__tc=1390583074.056&utm_source=Advertisedotcom&utm_term=walmart&tgu_src_lp_domain=www.filesbunker.com&utm_medium=CPC&utm_campaign=VoPULcim&utm_content=63841-nosubid  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../VoPULcim?__tc=1390583081.082&utm_source=Advertisedotcom&utm_term=walmart&tgu_src_lp_domain=www.filesbunker.com&utm_medium=CPC&utm_campaign=VoPULcim&utm_content=63841-nosubid  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390328915.458&subid=3249613142&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../UD79NFnL?__tc=1390445882.116&subid=3275782786&PubID=[VALUE]&tgu_src_lp_domain=www.getsoftdll.com  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../VoPULcim?__tc=1390322422&utm_source=Advertisedotcom&utm_term=youtube&tgu_src_lp_domain=www.filesbunker.com&utm_medium=CPC&utm_campaign=VoPULcim&utm_content=63640-4300_1008_us  (setup.exe)

1 / 68      (Adware)
http://ttb.lpcloudsvr402.com/download/request/.../VoPULcim?__tc=1390322447.426&utm_source=Advertisedotcom&utm_term=youtube&tgu_src_lp_domain=www.filesbunker.com&utm_medium=CPC&utm_campaign=VoPULcim&utm_content=63640-4300_1008_us  (setup.exe)

0 / 68
http://ttb.lpcloudsvr402.com/download/request/.../VoPULcim?__tc=1390355099.221&utm_source=Advertisedotcom&utm_term=please update browser&tgu_src_lp_domain=www.filesbunker.com&utm_medium=CPC&utm_campaign=VoPULcim&utm_content=63640-1700_1024_us  (setup.exe)

The following 230 files have been seen to comunicate with ttb.lpcloudsvr402.com in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

TCP » 92.242.140.21:80
pricemeterexpress.crx

TCP » 92.242.140.21:80
chrome.crx

TCP » 92.242.140.21:80
app-center.crx

TCP » 92.242.140.21:80
ntp.crx

TCP » 92.242.140.21:80
3dayinvite.crx

TCP » 92.242.140.21:80
twitter.crx

TCP » 92.242.140.21:80
viewlater.crx

TCP » 92.242.140.21:80
rss.crx

TCP » 92.242.140.21:80
datapump.crx

 
Latest 20 of 230 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.