home

dk.brutreta.com

Domain Information

Server location:
Massachusetts, United States (US)

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
brutreta.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/TrojanDropper.Addrop.C trojan
50.00%

Avira AntiVirus
ADWARE/Adware.Gen
50.00%

Reason Heuristics
Adware.Bundler.Meta (M)
50.00%

The domain dk.brutreta.com has been seen to resolve to the following 4 IP addresses.

184.25.157.67
a184-25-157-67.deploy.static.akamaitechnologies.com
March 30, 2015

184.25.157.97
a184-25-157-97.deploy.static.akamaitechnologies.com
March 30, 2015

23.0.160.16
a23-0-160-16.deploy.static.akamaitechnologies.com
March 30, 2015

23.0.160.82
a23-0-160-82.deploy.static.akamaitechnologies.com
March 30, 2015

File downloads found at URLs served by dk.brutreta.com.

1 / 68      (PUP)
http://dk.brutreta.com/installers/axtan_installers/get.php?ik=out&ua=chrome&ut=31580b90bf3bac8518dc25149ae4f5a0&loop=1&p=RUFaRUxGUg==&redir=1&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9heC8xL2VhemVsZnIvZnJlbmNoL3Nlby9jaHJvbWUvd2hhdHNhcHBfZm9yX3BjXzJfMTFfNTA2L2QvNzgyMTk4MDI3ZmM1MDk0YzQ3OWQzZWY5YTQzYjIyYjUvb3V0LzY3Nzc5Mi9uYS8xL2luc3RhbGxlcl93aGF0c2FwcF9mb3JfcGNfMl8xMV81MDZfRnJlbmNoLmV4ZQ==&r=2240137&u=L2Rvd25sb2FkLmVhemVsLmNvbS9pbnN0YWxsZXJzL291dC8wMDMwODAwMzA5MDAzMTAvcGlpZC01NGZlMzA1ZDA2YmMzOC41MDQ2ODU0OS9heC8xL2VhemVsZnIvZnJlbmNoL3Nlby9jaHJvbWUvd2hhdHNhcHBfZm9yX3BjXzJfMTFfNTA2L2QvNzgyMTk4MDI3ZmM1MDk0YzQ3OWQzZWY5YTQzYjIyYjUvb3V0LzY3Nzc5Mi9uYS8xL2luc3RhbGxlcl93aGF0c2FwcF9mb3JfcGNfMl8xMV81MDZfRnJlbmNoLmV4ZQ==&aa=ax/1/eazelfr//&NN=5&CI=11&ML=24&FF=63&EA=79&JL=0&DK=39&AG=23&IJ=39&JG=23&s=  (installer_whatsapp_for_pc_2_11_506_french.exe)

1 / 68      (PUP)
http://dk.brutreta.com/installers/axtan_installers/get.php?ik=out&ua=chrome&ut=50771e8b64243dcf6ca74cb0bc835e71&r=9287073&p=TVAz&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9heC8xL21wMy9zcGFuaXNoL3Nlby9jaHJvbWUvY2Fub25fcGl4bWFfbXAyNTBfMV8wMC9kLzc4MjE5ODAyN2ZjNTA5NGM0NzlkM2VmOWE0M2IyMmI1L291dC82NDQ5NjMvbmEvMS9pbnN0YWxsZXJfY2Fub25fcGl4bWFfbXAyNTBfMV8wMF9TcGFuaXNoLmV4ZQ==&u=L2Rvd25sb2FkLm1wMy5lcy9pbnN0YWxsZXJzL291dC8wMDMwOTAwMzEwMDAzMTEvcGlpZC01NGZlNDRiZmFmYTM2Mi4yNTMxMzEyNS9heC8xL21wMy9zcGFuaXNoL3Nlby9jaHJvbWUvY2Fub25fcGl4bWFfbXAyNTBfMV8wMC9kLzc4MjE5ODAyN2ZjNTA5NGM0NzlkM2VmOWE0M2IyMmI1L291dC82NDQ5NjMvbmEvMS9pbnN0YWxsZXJfY2Fub25fcGl4bWFfbXAyNTBfMV8wMF9TcGFuaXNoLmV4ZQ==&loop=1&redir=1&aa=ax/1/mp3//&AA=92&IB=86&LD=3&BE=23&MK=32&HK=88&FJ=17&DC=42&IF=92&s=  (installer_canon_pixma_mp250_1_00_spanish.exe)

2 / 68      (PUP)
http://dk.brutreta.com/installers/axtan_installers/get.php?ik=out&ua=chrome&ut=1efda7a2265ee7e44975d91bec0b76bb&p=RE9XTkxPQURQTEVY&r=8194835&redir=1&loop=1&u=L2Rvd25sb2FkLmRvd25sb2FkcGxleC5jb20vaW5zdGFsbGVycy9vdXQvMDAzMDgwMDMwOTAwMzEwL3BpaWQtMDEyMzQ1Njc4OTk4NzQ1NjMyMTAwMTIzNDU2Nzg5MTIvYXgvMS9kb3dubG9hZHBsZXgvZW5nbGlzaC9zZW8vY2hyb21lL2RlbHVnZV9mb3Jfd2luZG93cy9kL2VmYzJjNGE0MGRmYzYyMWM0ZDM5ZWQ0YjAwMDRhZWQ4L291dC9uYS9uYS8wL2luc3RhbGxlcl9kZWx1Z2VfZm9yX3dpbmRvd3NfRW5nbGlzaC5leGU=&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9heC8xL2Rvd25sb2FkcGxleC9lbmdsaXNoL3Nlby9jaHJvbWUvZGVsdWdlX2Zvcl93aW5kb3dzL2QvZWZjMmM0YTQwZGZjNjIxYzRkMzllZDRiMDAwNGFlZDgvb3V0L25hL25hLzAvaW5zdGFsbGVyX2RlbHVnZV9mb3Jfd2luZG93c19FbmdsaXNoLmV4ZQ==&aa=ax/1/downloadplex//&KF=19&EI=80&KM=96&DD=68&BA=13&IM=2&GE=100&KJ=4&FN=4&s=  (installer_deluge_for_windows_english.exe)

2 / 68      (PUP)
http://dk.brutreta.com/installers/axtan_installers/get.php?ik=out&ua=chrome&ut=1efda7a2265ee7e44975d91bec0b76bb&r=9237535&redir=1&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9heC8xL2Rvd25sb2FkcGxleC9lbmdsaXNoL3Nlby9jaHJvbWUvZGVsdWdlX2Zvcl93aW5kb3dzL2QvZWZjMmM0YTQwZGZjNjIxYzRkMzllZDRiMDAwNGFlZDgvb3V0L25hL25hLzAvaW5zdGFsbGVyX2RlbHVnZV9mb3Jfd2luZG93c19FbmdsaXNoLmV4ZQ==&loop=1&p=RE9XTkxPQURQTEVY&u=L2Rvd25sb2FkLmRvd25sb2FkcGxleC5jb20vaW5zdGFsbGVycy9vdXQvMDAzMDgwMDMwOTAwMzEwL3BpaWQtMDEyMzQ1Njc4OTk4NzQ1NjMyMTAwMTIzNDU2Nzg5MTIvYXgvMS9kb3dubG9hZHBsZXgvZW5nbGlzaC9zZW8vY2hyb21lL2RlbHVnZV9mb3Jfd2luZG93cy9kL2VmYzJjNGE0MGRmYzYyMWM0ZDM5ZWQ0YjAwMDRhZWQ4L291dC9uYS9uYS8wL2luc3RhbGxlcl9kZWx1Z2VfZm9yX3dpbmRvd3NfRW5nbGlzaC5leGU=&aa=ax/1/downloadplex//&MM=44&BL=27&LC=31&EA=66&DL=96&ME=29&JC=44&JB=64&BJ=34&NL=5&s=  (installer_deluge_for_windows_english.exe)

The following 55 files have been seen to comunicate with dk.brutreta.com in live environments.

TCP » 184.25.157.97:80
ContentSinder.exe (ContentSinder by ContentSinder Company)

TCP » 23.0.160.16:80
TWCApp.exe (The Weather Channel App by The Weather Channel)

TCP » 23.0.160.16:80
PSANHost.exe (Cloud Antivirus Platform by Panda Security, S.L)

TCP » 23.0.160.16:80
iafdglafjnbhhfnbdlmageiffbhapked.crx

TCP » 23.0.160.16:80
kifafadhaonpfpdepdjmdmcgmnjieenj.crx

TCP » 23.0.160.16:80
pmkdchokpegklckhiggdmjfjfdlkgmmg.crx

TCP » 23.0.160.16:80
ckkfipncfiigadelehgcbcbemeopmcdg.crx

TCP » 23.0.160.16:80
hfcmajnmfggpkknianiidjfhapbkmdgp.crx

TCP » 23.0.160.16:80
ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx

TCP » 23.0.160.16:80
mclkedoeeehnmdcbjejgkhobkbibkkdk.crx

TCP » 23.0.160.16:80
gmlikmikiobdfcmdfgacgjikmpcfgdkc.crx

TCP » 23.0.160.16:80
lpmmogapccokpnokcdhjfiildnodjgam.crx

TCP » 23.0.160.16:80
ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx

TCP » 23.0.160.16:80
ofbadnfgflalgnlglgchfonmpoiiclig.crx

TCP » 23.0.160.16:80
gmlikmikiobdfcmdfgacgjikmpcfgdkc.crx

TCP » 23.0.160.16:80
oiboaofjhidpibfidnjmnfefaiidodim.crx

TCP » 23.0.160.16:80
gflpcjeoeocanhomdojchhdmmidhgake.crx

TCP » 23.0.160.82:80
becofaobcinoilkmebdbeojebncfepbl.crx

TCP » 23.0.160.82:80
nlekdnjpgajfkijgkfdffdndpmgjnicm.crx

TCP » 23.0.160.82:80
bbpkbhdjebeojlacgfoopaeajbfeboji.crx

 
Latest 20 of 55 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.