home

winu.secureddl.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain winu.secureddl.com is registered by proxy through GODADDY.COM, LLC and was originally registered in March of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Montreal, Quebec within Canada which resides on the OVH Hosting, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Quebec, Canada (CA)

Create date:
Tuesday, March 18, 2014

Expires date:
Saturday, March 18, 2017

Updated date:
Friday, February 12, 2016

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
secureddl.com

Whois:
2 secureddl.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (83% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP
100.00%

Qihoo 360 Security
HEUR/Malware.QVM11.Gen, Win32/Trojan.Downloader.4d5, Win32/Trojan.Dropper.0c3, HEUR/QVM11.1.Malware.Gen
100.00%

Trend Micro House Call
TROJ_DROPPER.JFK, TROJ_GEN.R047H07G914, TROJ_GEN.R00UH07C914, Suspicious_GEN.F47V0716
80.00%

McAfee
RDN/Generic.dx!ddt, Artemis!D2BF714FB10D, Artemis!37BD65F12E99
60.00%

VIPRE Antivirus
Trojan.Win32.Generic
60.00%

Norman
Suspicious_Gen2.VXKTW, Troj_Generic.UWSVP, Suspicious_Gen4.FXLPV
60.00%

avast!
Win32:Malware-gen, Win32:Adware-BLN [Adw]
60.00%

Sophos
Mal/Generic-S, Generic PUA NP
60.00%

G Data
Trojan.Generic.11488294, Win32.Trojan.Agent.JK6Y50, Trojan.GenericKD.1602076
60.00%

Baidu Antivirus
Trojan.Win32.Secuinw, Adware.Win32.Besttoolbars, Adware.Win32.Illyx
60.00%

MicroWorld eScan
Trojan.Generic.11488294, Trojan.GenericKD.1602076
40.00%

nProtect
Trojan.Generic.11488294, Trojan.GenericKD.1602076
40.00%

Malwarebytes
Trojan.Downloader, Trojan.Inject.RRE
40.00%

Bitdefender
Trojan.Generic.11488294, Trojan.GenericKD.1602076
40.00%

Lavasoft Ad-Aware
Trojan.Generic.11488294, Trojan.GenericKD.1602076
40.00%

The domain winu.secureddl.com has been seen to resolve to the following IP address.

192.99.47.139
ns517839.ip-192-99-47.net
February 6, 2016

File downloads found at URLs served by winu.secureddl.com.

15 / 68    (PUP)
http://winu.secureddl.com/canal/.../betadeeal.exe  (162a498cd219869b58cc3aa076f515a0)

25 / 68    (PUP)
http://winu.secureddl.com/canal/.../service.exe  (~aqfxqvn.exe)

3 / 68      (Malware)
http://winu.secureddl.com/canal/.../service.exe  (~pinifli.exe)

26 / 68    (PUP)
http://winu.secureddl.com/canal/.../launcher.exe  (ac7b721f1246e5dd11def4fceb594b4c)

3 / 68      (Malware)
http://winu.secureddl.com/canal/.../service.exe  (~okguhgf.exe)

0 / 68
http://winu.secureddl.com/.../maj.exe  (ec32b848b382935d91cf69eefbd978f2)

URL:
http://winu.secureddl.com/

Web server:
Apache/2.4.10 (Debian)

illyx.com

secureclientdownload.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.