home

secured-download.com

Advertiso GmbH

Domain Information

The domain secured-download.com registered by Advertiso GmbH was initially registered in April of 2013 through REGISTRYGATE GMBH. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Berlin, Berlin within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
REGISTRYGATE GMBH

Server location:
Berlin, Germany (DE)

Create date:
Friday, April 5, 2013

Expires date:
Tuesday, April 5, 2016

Updated date:
Thursday, June 18, 2015

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Whois:
2 secured-download.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Malwarebytes
PUP.Optional.InstallCore.A, PUP.Optional.Freemium.A
85.71%

Dr.Web
Adware.InstallCore.124, Trojan.Packed.24524
85.71%

VIPRE Antivirus
InstallCore, InstallCore.b
85.71%

ESET NOD32
Win32/InstallCore.CF (variant), Win32/InstallCore.CH (variant), Win32/InstallCore.D potentially unwanted (variant), Win32/InstallCore.CX (variant)
85.71%

Avira AntiVirus
ADWARE/InstallCore.Gen7, Adware/InstallCo.HJ, PUA/InstallCore.Gen7, APPL/InstallCore.QL.153, APPL/InstallCore.PY
85.71%

Reason Heuristics
PUP.Installer.ISfreemium.a, PUP.InstallCore.Bundler (M), PUP.InstallCore.ENG (M), PUP.installCore (M)
71.43%

K7 AntiVirus
Unwanted-Program, Unwanted-Program
57.14%

F-Prot
W32/InstallCore.R4.gen, W32/InstallCore.R.gen, W32/InstallCore.R3.gen, W32/InstallCore.R2.gen
57.14%

Sophos
Install Core Click run software, PUA 'Install Core Click run software', Install Core Click run software (PUA)
57.14%

McAfee
Artemis!D52531DDBEB7, Artemis!E30156E3AC2B, Artemis!08E30F31F86B
42.86%

Trend Micro House Call
TROJ_GEN.F47V0819
28.57%

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
28.57%

SUPERAntiSpyware
PUP.InstallCore/Variant
28.57%

G Data
Win32.Application.InstallCore
28.57%

Vba32 AntiVirus
Downware.InstallCore
28.57%

The domain secured-download.com has been seen to resolve to the following 2 IP addresses.

136.243.43.26
static.26.43.243.136.clients.your-server.de
January 6, 2016

144.76.61.176
static.176.61.76.144.clients.your-server.de
November 16, 2013

File downloads found at URLs served by secured-download.com.

1 / 68      (Adware)
http://secured-download.com/.../11?locale=de  (adobeflashplayer-setup.exe)

10 / 68    (PUP)
http://secured-download.com/system/core/.../vlc_Setup.exe  (f1b30302010aefe8f6faa8adbdf1a22f)

9 / 68      (PUP)
http://secured-download.com/.../12?locale=de  (avira_free3499_antivirus_de-setup.exe)

7 / 68      (PUP)
http://secured-download.com/.../5?locale=en  (googlechrome-setup.exe)

17 / 68    (PUP)
http://secured-download.com/system/core/.../Adobe-Flash-Player_Setup.exe  (08e30f31f86b9f99f138d53eae0379e4)

15 / 68    (PUP)
http://secured-download.com/system/cores/channel/.../the-sims-2-setup.exe  (0cb4d234bec88935ffb49ed46bb6f818)

14 / 68    (Adware)
http://secured-download.com/system/core/.../Internet_Explorer_Download_Setup.exe  (d52531ddbeb79be72e7516d6b8aacaf5)

The following 13 files have been seen to comunicate with secured-download.com in live environments.

TCP » 136.243.43.26:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.43.26:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.43.26:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.43.26:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 136.243.43.26:80
client.exe (ClientWrapper)

TCP » 136.243.43.26:80
bluestacks.exe (Soft by Web Program)

TCP » 144.76.61.176:80
icreinstall_google-earth_setup.exe (Web Program software by Installer Internet Application)

TCP » 144.76.61.176:80
powerpoint-viewer-2007_setup.exe

TCP » 144.76.61.176:80
chrome_setup.exe (Generic Software by Software)

TCP » 144.76.61.176:80
replay-video-capture_setup.exe (Internet)

TCP » 144.76.61.176:80
spotify_setup.exe

TCP » 144.76.61.176:80
spybot-search-destroy_setup.exe (Program installer by Web)

TCP » 144.76.61.176:80
google-chrome_setup.exe (Generic Application by Software Internet)

URL:
http://secured-download.com/

Title:
“secured-download.com”

Web server:
Apache/2.4.7 (Ubuntu) (Phusion Passenger 5.0.10)

ddxserver.com

ddxserverneu.com

download-1.com

download-i.com

downloadam.com

downloadem.com

downloadian.com

downloadpsx.com

downloadpt.com

downloads-central.com

musterbewerbung.net

downloadserver16.com

downloadserver40.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.