post.securestudies.com

TMRG, Inc

Domain Information

The domain post.securestudies.com, registered by TMRG, Inc, was initially registered in August of 2005 through MARKMONITOR INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Sterling, Virginia, in the United States, on the Savvis network.
Registrar:
MARKMONITOR INC.

Server location:
Virginia, United States (US)

Create date:
Wednesday, August 17, 2005

Expires date:
Wednesday, August 17, 2016

Updated date:
Friday, July 17, 2015

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Kaspersky
not-a-virus:AdWare.Win32.Agent, not-a-virus:WebToolbar.Win32.RK, Virus.Win32.Sality, Virus.Win32.Slugin
80.00%

Dr.Web
BackDoor.Mailbot.227, Adware.Relevant.101, Win32.Sector.30, Adware.Relevant.101, Win32.Wplugin.2
80.00%

avast!
Win32:Relevant-AB [PUP], Win32:Relevant-X [PUP], Win32:Sality, Win32:Patched-JI
80.00%

Reason Heuristics
PUP.VoiceFive.I, Threat.Win.Reputation.IMP, PUP.TMRG.Installer (M), PUP.TMRG.VoiceFiv.Installer (M)
80.00%

F-Prot
W32/Adware.AKSC, W32/Sality.E.gen, W32/Slugin.B
60.00%

VIPRE Antivirus
Marketscore.RelevantKnowledge, Threat.4721115, Threat.4314870
60.00%

McAfee
Artemis!F7C2F8F288A1, Virus.W32/Sality.gen.z, Virus.W32/Wplugin
60.00%

Emsisoft Anti-Malware
Application.Generic.964608, Win32.Sality, Adware.RelevantKnowledge
60.00%

Malwarebytes
Adware.PremierOpinion
40.00%

K7 AntiVirus
Adware, Unwanted-Program
40.00%

Trend Micro House Call
TROJ_GEN.R0CBH07IO13, TROJ_GEN.F47V0225
40.00%

Comodo Security
UnclassifiedMalware, ApplicUnwnt
40.00%

ESET NOD32
Win32/Adware.MarketScore (variant), Win32/Adware.RK.AG (variant)
40.00%

AVG
RelevantKnowledge, Win32/Slugin.A
40.00%

Norman
Application.Generic.964608, Adware.RelevantKnowledge.I
40.00%

The domain post.securestudies.com has been seen to resolve to the following IP address.

post.securestudies.com
January 4, 2016

File downloads found at URLs served by post.securestudies.com.

1 / 68      (Adware)
http://post.securestudies.com/packages/.../rk_setup.exe  (84f5de656adaad2e2b2dea4d50e97b63)

12 / 68    (Adware)
http://post.securestudies.com/packages/.../PackageI2.exe  (05bbf2f5359c8893ed2a70fd6560cbf1)

9 / 68      (Malware)
http://post.securestudies.com/packages/.../PackageV.exe  (f78a0b71fb7ac5138028b927d6ba1eb7)

20 / 68    (Adware)

15 / 68    (Adware)
http://post.securestudies.com/packages/.../PackageI2.exe  (d0cbba072f17fab672345bf7c7abd0fa)

The following 110 files have been seen to communicate with post.securestudies.com in live environments.

 
Latest 20 of 150 files

URL:
http://post.securestudies.com/

SSL certificate subject:
CN=*.securestudies.com, OU=COMODO SSL Wildcard, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
Microsoft-IIS/8.5 (ASP.NET)