1.getsecureinstall.com

Whois Privacy Corp.

Domain Information

The domain 1.getsecureinstall.com, registered by Whois Privacy Corp., was initially registered in March of 2014 through INTERNET.BS CORP. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Ashburn, Virginia, in the United States, on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Remove Malware from 1.getsecureinstall.com - Powered by Reason Core Security
Registrar:
INTERNET DOMAIN SERVICE BS CORP

Server location:
Virginia, United States (US)

Create date:
Monday, March 31, 2014

Expires date:
Thursday, March 31, 2016

Updated date:
Saturday, December 12, 2015

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Scanner detections:
Detections (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.IgnitionInstaller.F, PUP.Installer.WARPINSTALL.F, PUP.Installer.WARPINSTALL.N, PUP.Installer.INSTALLTHIS.N, PUP.SystemApplet.N, PUP.Installer.FileMonarch.N, PUP.Installer.WARPINSTALLER.N, Threat.Adknowledge.Bundler, PUP.Adknowledge.WARPINSTALL.Installer (M), Threat.Win.Reputation.IMP
96.00%

avast!
Win32:Somoto-N [PUP], Win32:PUP-gen [PUP], Win32:Adware-gen [Adw], Win32:IBryte-DJ [PUP], Win32:IBryte-CJ [PUP], Win32:IBryte-EJ [PUP]
96.00%

Sophos
iBryte Optimum Installer, Mal/Inject-CEE, PUA 'iBryte Optimum Installer'
94.00%

Kingsoft AntiVirus
Win32.Troj.Generic.(kcloud), Win32.Troj.DownAgent.bk.(kcloud), Win32.Troj.Undef.(kcloud), Win32.Troj.Badur.hr.(kcloud), Win32.Troj.iBryte.j.(kcloud)
92.00%

Dr.Web
Adware.Downware.2039, Adware.Downware.2319, Trojan.DownLoader9ENT.53807, Trojan.DownLoader9.59424, Adware.Downware.2508
90.00%

Avira AntiVirus
Adware/iBryte.A.6609, Adware/iBryte.bxjq, Adware/iBryte.Z, Adware/iBryte.A.6256, ADWARE/Adware.Gen7, Adware/iBryte.A.7733
90.00%

VIPRE Antivirus
Ignition Installer, Optimum Installer, Trojan.Win32.Generic, Threat.4150696, Threat.4778314
88.00%

Agnitum Outpost
PUA.Downloader, PUA.Agent, PUA.iBryte
88.00%

AVG
AdPlugin, Adware AdPlugin.DA, Adware AdPlugin.DF, Adware AdPlugin.CI, Adware AdPlugin.DE, Adware AdPlugin.FA, Adware AdPlugin.CO
88.00%

NANO AntiVirus
Trojan.Win32.Downware.culecy, Trojan.Win32.IBryte.cwbnyw, Trojan.Win32.IBryte.cxaaqu, Trojan.Win32.Agent.cxjjsz, Trojan.Win32.IBryte.cvsxum
88.00%

Malwarebytes
PUP.Optional.OptimumInstaller.A, PUP.Optional.Ibryte
86.00%

K7 Gateway Antivirus
Unwanted-Program
86.00%

Kaspersky
not-a-virus:Downloader.Win32.Agent, not-a-virus:AdWare.Win32.iBryte, HEUR:Trojan.Win32.Generic
86.00%

Comodo Security
ApplicUnwnt, Application.Win32.IBryte.U, Application.Win32.IBryte.WI, Application.Win32.iBryte.WRP, TrojWare.Win32.IBryte.S
86.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, AdWare.iBryte, Signed-Adware.iBryte, Downloader.Agent
86.00%

The domain 1.getsecureinstall.com has been seen to resolve to the following 4 IP addresses.

ec2-54-243-244-249.compute-1.amazonaws.com
July 10, 2014

ec2-23-21-189-120.compute-1.amazonaws.com
July 10, 2014

ec2-23-21-100-173.compute-1.amazonaws.com
April 30, 2014

ec2-50-17-234-52.compute-1.amazonaws.com
April 4, 2014

File downloads found at URLs served by 1.getsecureinstall.com.

33 / 68    (Adware)
http://1.getsecureinstall.com/o/.../Player-Chrome.exe  (92cf52afe6ab907509e8f7962056b8dc)

46 / 68    (Adware)
http://1.getsecureinstall.com/o/.../Setup.exe  (05880c551eccb31820bf8d8adf1e57c7)
