The domain download.trustcase.org is registered by proxy through GoDaddy.com, LLC (R91-LROR). This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dublin City, Ireland, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrant: Domains By Proxy, LLC
Registrar: GoDaddy.com, LLC (R91-LROR)
Server location: Dublin City, Ireland (IE)
ASN: AS16509 AMAZON-02 - Amazon.com, Inc.,US
Scanner detections:
Detections (100% detected)
| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.FastDownloads.T, PUP.Installer.installCore, PUP.installCore.DownloadShip.Installer (M), PUP.installCore.DownloadSafely.Installer (M), PUP.installCore.DownloadSphere.Installer (M), PUP.installCore.SpeedyDo.Installer (M), PUP.installCore.Download.Installer (M) | 100.00% |
| ESET NOD32 | Win32/InstallCore.QB potentially unwanted application, Win32/InstallCore.WQ potentially unwanted application | 37.50% |
| Dr.Web | Adware.Downware.8397, Trojan.InstallCore.61 | 37.50% |
| VIPRE Antivirus | Threat.4786018, Threat.4150696 | 37.50% |
| herdProtect (fuzzy) | a variant of 09b2b4b3824660632b77dc4e694d8163b8a2bd90, a variant of 707eeefd22ae5a8e1a6dce4176b97bbc98fe687e | 25.00% |
| Avira AntiVirus | TR/Dropper.Gen | 25.00% |
| K7 AntiVirus | Trojan | 25.00% |
| F-Secure | Gen:Variant.Kazy.311539 | 25.00% |
| F-Prot | W32/InstallCore.AC.gen | 12.50% |
| Comodo Security | Application.Win32.InstallCore.KG | 12.50% |
| Bkav FE | W32.HfsAdware | 12.50% |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 12.50% |
The domain download.trustcase.org has been seen to resolve to the following 4 IP addresses.
ec2-54-246-158-90.eu-west-1.compute.amazonaws.com (August 11, 2015)
ec2-54-76-79-255.eu-west-1.compute.amazonaws.com (August 11, 2015)
File downloads found at URLs served by download.trustcase.org.
URL: http://download.trustcase.org/
Network: Amazon Web Services (AWS), running an EC2 instance
SSL certificate subject: CN=ssl4531.cloudflare.com, O="CloudFlare, Inc.", L=San Francisco, S=CA, C=US
SSL certificate issuer: CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE
Web server: Apache/2.4.7 (Ubuntu) (PHP/5.5.9-1ubuntu4)