d.brtsekure10.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain d.brtsekure10.com is registered by proxy through ENOM, INC. and was originally registered in September of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Sherman Oaks, California, United States, on the Unitas Global LLC network.

Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Saturday, September 26, 2015

Expires date:
Monday, September 26, 2016

Updated date:
Saturday, September 26, 2015

ASN:
AS17025 ABOVENET-CUSTOMER - Abovenet Communications, Inc,US

Root domain:

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

avast!
Win32:Adware-gen [Adw], Win32:PUP-gen [PUP], Win32:Dropper-gen [Drp]
60.00%

ESET NOD32
Win32/Adware.CouponMarvel.Q.gen application, Generik.JARAIRX potentially unwanted application, multiple threats, Win32/DealPly.CA potentially unwanted application
56.00%

Emsisoft Anti-Malware
Gen:Variant.Mikey.27460, Gen:Variant.Adware.Mikey.27460, Application.Generic.1572538, Gen:Variant.Zusy.182582, Gen:Variant.Adware.CouponMarvel
38.00%

IKARUS anti.virus
PUA.CouponMarvel
24.00%

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen, HEUR/QVM42.0.Malware.Gen, HEUR/QVM42.0.0000.Malware.Gen
22.00%

Malwarebytes
PUP.Optional.CouponMarvel
22.00%

Norman
Gen:Variant.Adware.Mikey.27460, Application.Generic.1572538, Gen:Variant.Zusy.182582, Gen:Variant.Mikey.33205, Gen:Variant.Adware.CouponMarvel.5
22.00%

AegisLab AV Signature
Troj.Dropper.W32.StartPage
20.00%

Dr.Web
Trojan.DownLoader16.54615, infected with Trojan.DownLoader17.54903, Detection.Undefined, Adware.Shopper.1495
18.00%

Reason Heuristics
(M), PUP.Somoto.Installer (M), PUP.BundledOffer.Installer.Installer.Meta (M), PUP.NewMedia.ICDP (M)
18.00%

F-Secure
Application:W32/Generic.70053c248f!Online, Variant.Adware.Mikey, Riskware.Application.Generic.1572538, Variant.Zusy.182582
16.00%

ESET NOD32
Win32/Adware.CouponMarvel.Q.gen (variant)
16.00%

Clam AntiVirus
Win.Adware.Agent-60025, Win.Adware.Agent-1362069
16.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Threat.5217618
16.00%

AVG
Pakes2_c, Adware Generic7.OWY, Adware Generic7.DLD, Adware Generic7.OMT
14.00%

The domain d.brtsekure10.com has been seen to resolve to the following IP address.

3-125-232-198.static.unitasglobal.net
January 2, 2016

File downloads found at URLs served by d.brtsekure10.com.

The following 14 files have been seen to communicate with d.brtsekure10.com in live environments.

URL:
http://d.brtsekure10.com/

Web server:
NetDNA-cache/2.2