The domain ttb.lpmxp2136.com is registered by proxy through SOLUCIONES CORPORATIVAS IP,SLU and was originally registered in August of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrant:
Only contact by email, all postal mail will be rejected
Registrar:
SOLUCIONES CORPORATIVAS IP,SLU
Server location:
Oregon, United States (US)
Create date:
Wednesday, August 13, 2014
Expires date:
Thursday, August 13, 2015
Updated date:
Wednesday, August 13, 2014
ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US
Scanner detections:
Detections (100% detected)
Scan engine
Details
Detections
Reason Heuristics
PUP.Installer.DigitalPluginSl.F, PUP.Installer.VideoPluginsoftwareSL.F, PUP.Softpulse.Bundler, PUP.Softpulse.DigitalPluginSl.Bundler (M), PUP.Outbrowse.marImaRa.Bundler (M), Threat.Win.Reputation.IMP, PUP.Softpulse.DigitalPlugin.Bundler (M), PUP.Softpulse.DigitalP.Bundler (M), PUP.installCore.AVSoftwa.Installer (M), PUP.SoftPulse.YumonSys.Installer (M), PUP.Outbrowse.OTOPIASo.Bundler (M), Win32.Generic, PUP.Softpulse (M)
100.00%
Malwarebytes
PUP.Optional.MultiPlug, PUP.Optional.SmartSec, PUP.Optional.InstallCore
12.00%
Kaspersky
not-a-virus:AdWare.Win32.Agent, Trojan.Win32.Inject, not-a-virus:AdWare.Win32.SoftPulse, not-a-virus:Downloader.Win32.Agent
10.00%
Dr.Web
Trojan.DownLoader11.29457, Adware.SoftPules.3
10.00%
Emsisoft Anti-Malware
Gen:Variant.Application.Strictor.62662, Gen:Variant.Zusy.105611, Gen:Variant.Adware.Symmi.49537, Gen:Variant.Adware.Symmi.46906
10.00%
avast!
Win32:SoftPulse-AC [PUP], Win32:Adware-gen [Adw], Win32:SoftPulse-BE [PUP], Win32:SoftPulse-AH [PUP]
10.00%
ESET NOD32
Win32/SoftPulse.H potentially unwanted application, Win32/SoftPulse.S potentially unwanted application, Win32/SoftPulse.O potentially unwanted application
10.00%
VIPRE Antivirus
Threat.4783235, Trojan.Win32.Generic, Threat.4150696
10.00%
MicroWorld eScan
Gen:Variant.Application.Strictor.62662, Gen:Variant.Symmi.46906, Gen:Variant.Graftor.165890, Gen:Variant.Adware.Symmi.46906
10.00%
McAfee
SoftPulse, Program.SoftPulse
10.00%
Zillya! Antivirus
Adware.Agent.Win32.11838, Adware.SoftPulse.Win32.14
10.00%
K7 AntiVirus
Unwanted-Program
10.00%
NANO AntiVirus
Trojan.Win32.SoftPulse.deipgw, Trojan.Win32.DriverUpd.djmoky
10.00%
Bitdefender
Gen:Variant.Application.Strictor.62662, Gen:Variant.Symmi.46906, Gen:Variant.Graftor.165890, Gen:Variant.Adware.Symmi.46906
10.00%
Agnitum Outpost
PUA.Agent, Riskware.Agent
10.00%
The domain ttb.lpmxp2136.com has been seen to resolve to the following 9 IP addresses.
ec2-54-148-246-124.us-west-2.compute.amazonaws.com
December 1, 2014
ec2-54-68-93-108.us-west-2.compute.amazonaws.com
December 1, 2014
ec2-54-201-55-228.us-west-2.compute.amazonaws.com
November 29, 2014
ec2-54-69-13-93.us-west-2.compute.amazonaws.com
November 29, 2014
ec2-54-191-168-46.us-west-2.compute.amazonaws.com
November 3, 2014
ec2-54-187-20-120.us-west-2.compute.amazonaws.com
October 24, 2014
ec2-54-69-224-206.us-west-2.compute.amazonaws.com
October 20, 2014
ec2-50-112-131-232.us-west-2.compute.amazonaws.com
September 2, 2014
ec2-54-187-228-136.us-west-2.compute.amazonaws.com
August 28, 2014
File downloads found at URLs served by ttb.lpmxp2136.com.
Latest 30 of 57 download URLs
URL:
http://ttb.lpmxp2136.com/
Network:
Amazon Web Services (AWS), running an EC2 instance
Web server:
nginx (PHP/5.3.10-1ubuntu3.12)