The domain www.lpcloudsvr401.com, registered by Domain Registries Foundation, was initially registered in November 2015 through SOLUCIONES CORPORATIVAS IP,SLU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Portland, Oregon, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform in the US West (Oregon) region datacenter.
Registrant: Domain Registries Foundation
Registrar: GODADDY.COM, LLC
Server location: Oregon, United States (US)
Create date: Wednesday, November 11, 2015
Expires date: Friday, November 11, 2016
Updated date: Wednesday, November 11, 2015
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.
Scanner detections:
Detections (82% detected)
| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.tuguusl.F, PUP.Bundler.Tuguu, PUP.NewMedia.Installer.Installer (M), PUP.Softpulse.DIGITALPLUGINU.Installer (M), PUP.Tuguu.tuguusl.Bundler (M) | 80.00% |
| McAfee | Artemis!D4B5325B4C72, CryptDomaIQ, Program.CryptDomaIQ, Artemis!C59C262EF094, Artemis!05F6E2A07415 | 50.00% |
| IKARUS anti.virus | AdWare.DomaIQ, PUA.DomaIQ, Trojan-Downloader.Agent, PUA.InstallCore | 50.00% |
| Microsoft Security Essentials | Worm:Win32/NeksMiner.A, Threat.Undefined, TrojanDownloader:Win32/Unlacehi.A | 40.00% |
| Malwarebytes | PUP.Optional.BundleInstaller.A, PUP.Optional.Domalq, PUP.Optional.InstallCore | 40.00% |
| Sophos | DomainIQ pay-per install, PUA 'DomainIQ pay-per install', Install Core Click run software (PUA) | 40.00% |
| Dr.Web | Trojan.DownLoader9.24409, Trojan.MulDrop5.9989, Trojan.DownLoader9.21779, Trojan.Installcore.633 | 40.00% |
| VIPRE Antivirus | DomaIQ, Trojan.Win32.Generic, Threat.4783262, InstallCore | 40.00% |
| Avira AntiVirus | APPL/DomaIQ.Gen, Adware/MSIL.DomaIQ.amvu.1, PUA/DomaIQ.Gen, TR/Dldr.Agent.33754 | 40.00% |
| AVG | Skodna.Bundle_r.Z, Adware DomaIQ.V, Adware Skodna.Bundle_r.Y, Generic | 40.00% |
| K7 AntiVirus | Unwanted-Program, Riskware, Adware | 40.00% |
| Agnitum Outpost | PUA.DomaIQ | 30.00% |
| avast! | Win32:DomaIQ-BE [PUP], DomaIQ-CC [PUP], PUP-gen [PUP] | 30.00% |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 30.00% |
| NANO AntiVirus | Riskware.Win32.DomaIQ.cthefp, Trojan.Win32.DomaIQ.cwydit, Trojan.Win32.DomaIQ.ctadmg | 30.00% |
The domain www.lpcloudsvr401.com has been seen to resolve to the following 8 IP addresses.
File downloads found at URLs served by www.lpcloudsvr401.com.
The following 4 files have been seen to communicate with www.lpcloudsvr401.com in live environments.
URL: http://www.lpcloudsvr401.com/
Title: “lpcloudsvr401.com”
Network: Amazon Web Services (AWS), running an EC2 instance
Statistics are for the previous month.