www.lpmxp24.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.lpmxp24.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Scottsdale, Arizona, in the United States, on the GoDaddy.com, LLC network.

Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Monday, July 20, 2015

Expires date:
Wednesday, July 20, 2016

Updated date:
Thursday, January 7, 2016

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:

Scanner detections (100% detected):

Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.DIGITALPLUGINSL.M, PUP.Installer.DigitalPluginSL.F, Adware.Generic.AT (M), PUP.Softpulse.DIGITALPLUGINSL.Bundler (M), PUP.Outbrowse.BeStinsTallTLL.Installer (M), PUP.Softpulse.DigitalPlugin.Bundler (M), PUP.Softpulse.Sambamed.Bundler (M), PUP.Softpulse.DigitalP.Bundler (M), PUP.Softpulse.PluginUp.Bundler (M), PUP.Outbrowse.OTOPIASo.Bundler (M), PUP.Installa.Installer (M), PUP.Softpulse.DIGITALP.Bundler (M) | 100.00%
avast! | Win32:Adware-BRD [PUP], Win32:SoftPulse-P [PUP], Win32:Adware-BRE [PUP] | 19.05%
Dr.Web | Trojan.Packed.26956, Adware.Downware.6060 | 14.29%
VIPRE Antivirus | Threat.4150696, Threat.4783235 | 14.29%
MicroWorld eScan | Application.Generic.645927, Gen:Variant.Application.Bundler.5, Application.Generic.648150 | 14.29%
McAfee | CryptDomaIQ, PUP-FIG!E579F1BB585D | 14.29%
K7 AntiVirus | Unwanted-Program, Trojan | 14.29%
Agnitum Outpost | PUA.Downloader, Riskware.Agent | 14.29%
Clam AntiVirus | Win.Trojan.Application-487, Win.Trojan.Application-495 | 14.29%
Bitdefender | Application.Generic.645927, Gen:Variant.Application.Bundler.5, Application.Generic.648150 | 14.29%
NANO AntiVirus | Trojan.Win32.MLW.dbbdly, Trojan.Win32.Agent.dbmimq | 14.29%
Lavasoft Ad-Aware | Application.Generic.645927, Gen:Variant.Application.Bundler.5, Application.Generic.648150 | 14.29%
Sophos | SoftPulse | 14.29%
Comodo Security | Application.Win32.Softpulse.A | 14.29%
F-Secure | Application.Generic.645927, Gen:Variant.Application.Bundler, Application.Generic.648150 | 14.29%

The domain www.lpmxp24.com has been seen to resolve to the following 9 IP addresses.

ip-50-63-202-73.ip.secureserver.net
July 31, 2016

April 16, 2016

April 8, 2016

February 13, 2016

ec2-54-244-33-78.us-west-2.compute.amazonaws.com
August 12, 2014

ec2-54-187-235-203.us-west-2.compute.amazonaws.com
August 12, 2014

ec2-54-213-97-204.us-west-2.compute.amazonaws.com
August 7, 2014

ec2-54-186-140-71.us-west-2.compute.amazonaws.com
August 7, 2014

ec2-54-201-233-137.us-west-2.compute.amazonaws.com
July 7, 2014

File downloads found at URLs served by www.lpmxp24.com.


The following 4 files have been seen to communicate with www.lpmxp24.com in live environments.

URL:
http://www.lpmxp24.com/

Title:
“The checkered past of Groupon’s chairman - Fortune”

Description:
“Groupon's largest shareholder and chairman, Eric Lefkofsky, has a back story investors might want to know.”

Web server:
nginx