home

secure.dwnld04.com

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
dwnld04.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

avast!
GenMaliciousA-DJE [PUP]
100.00%

VIPRE Antivirus
Threat.4798837
100.00%

Dr.Web
Trojan.DownLoader12.31270
100.00%

Emsisoft Anti-Malware
Gen:Variant.Strictor.78910
100.00%

F-Secure
Gen:Variant.Strictor.78910
100.00%

ESET NOD32
Win32/Adware.iBryte.CC application
100.00%

Lavasoft Ad-Aware
Gen:Variant.Strictor.78910
100.00%

Norman
Gen:Trojan.Heur.TP.is1@bqgqZ6ai
100.00%

AVG
Adware AdPlugin.COH
100.00%

Kaspersky
Hoax.Win32.ArchSMS
100.00%

MicroWorld eScan
Gen:Variant.Strictor.78910
100.00%

Zillya! Antivirus
Adware.iBryte.Win32.7694
100.00%

K7 AntiVirus
Unwanted-Program
100.00%

NANO AntiVirus
Riskware.Win32.ArchSMS.dokvzx
100.00%

F-Prot
W32/S-73e9045d
100.00%

The domain secure.dwnld04.com has been seen to resolve to the following 2 IP addresses.

54.243.183.125
ec2-54-243-183-125.compute-1.amazonaws.com
May 5, 2015

54.243.186.169
ec2-54-243-186-169.compute-1.amazonaws.com
May 5, 2015

File downloads found at URLs served by secure.dwnld04.com.

25 / 68    (PUP)
http://secure.dwnld04.com/o/.../setup.exe  (723d24757c77821c20be52bacb426631)

The following 5 files have been seen to comunicate with secure.dwnld04.com in live environments.

TCP » 54.243.183.125:80
bmanager.exe

TCP » 54.243.183.125:80
havij.exe (Swift Installer)

TCP » 54.243.183.125:80
havij.exe (Swift Installer)

TCP » 54.243.183.125:80
889cfdf53ed361b978a97984afb04aa93fb721bd (Software Installer)

TCP » 54.243.186.169:80
setup.exe (Software Installer)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.