home

downgradepc.upgrade-24.com

Corp New Ventures Services

Domain Information

The domain downgradepc.upgrade-24.com registered by Corp New Ventures Services was initially registered in January of 2016 through REGISTRAR OF DOMAIN NAMES REG.RU LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Zurich, Zurich within Switzerland which resides on the RIPE Network Coordination Centre network.
Registrar:
INLANDDOMAINS, LLC

Server location:
Zurich, Switzerland (CH)

Create date:
Wednesday, January 27, 2016

Expires date:
Friday, January 27, 2017

Updated date:
Wednesday, February 3, 2016

ASN:
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG

Root domain:
upgrade-24.com

Whois:
2 upgrade-24.com records

Google Safe Browsing:
phishing

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.installCore.Installer, Threat.Installer.OOOAdvert, PUP.installCore.OOOServisM.Installer (M), PUP.installCore.OOOAdvert.Installer (M), PUP.installCore.OOOServi.Installer (M), PUP.installCore.OOOAdver.Installer (M), PUP.installCore (M)
100.00%

avast!
Malware-gen
22.58%

K7 AntiVirus
Adware
22.58%

Dr.Web
Trojan.InstallCore.314, Trojan.InstallCore.255
22.58%

ESET NOD32
Win32/InstallCore.YK potentially unwanted application, Win32/InstallCore.YL potentially unwanted application, Win32/InstallCore.YM potentially unwanted application
22.58%

VIPRE Antivirus
Threat.4150696
19.35%

Bkav FE
W32.HfsAdware
19.35%

Comodo Security
Application.Win32.InstallCore.DWT, Application.Win32.InstallCore.DQY, Application.Win32.InstallCore.DBX
16.13%

AVG
InstallCore, Generic
16.13%

Avira AntiVirus
PUA/InstallCore.Gen, PUA/InstallCore.A.2387
12.90%

NANO AntiVirus
Riskware.Win32.InstallCore.dqvwti, Riskware.Win32.InstallCore.dqvwob
12.90%

herdProtect (fuzzy)
a variant of 833c3093cd02ed340fafd9c2354f07f48dda91aa, a variant of 64d30119197dcba37247a27bd9aae89b4d5dbc83, a variant of 5869b72ab510c09b7e2a5482d56cb20bb6e5c486
9.68%

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
9.68%

Baidu Antivirus
Adware.Win32.InstallCore
6.45%

Qihoo 360 Security
HEUR/QVM06.1.Malware.Gen
6.45%

The domain downgradepc.upgrade-24.com has been seen to resolve to the following 4 IP addresses.

93.191.169.210
May 16, 2016

141.8.226.14
April 11, 2016

204.11.56.48
February 13, 2016

207.244.83.26
April 11, 2015

File downloads found at URLs served by downgradepc.upgrade-24.com.

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../zFIf5tCdf6SN6FLPL4EvUOw6Ve6dkbRp9szDA=&dist_id=375&channel=ac_jnv&cid=13716119831426958932&pubid=306451  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../DlSrD9mKprKAxVJdZ7W4nuq88=&dist_id=718&channel=ac_rr444&cid=14308695911427036965&pubid=274505  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270557409237&app_id=4&lp_id=954&v=ico&stub_id=148&v_id=eDJum5UHf1yQ0tEUMMr fCgNAOYdnIJJJJBseGNrHSY=&dist_id=718&channel=ac_rr444&cid=u594f518254d0a0d51a85b0c1c5&pubid=83087  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../ A2aIn6pXZX9VIIo=&dist_id=564&channel=ac_j25&cid=16639072331426941267&pubid=322028  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270585908894&app_id=63&lp_id=335&v=ico&stub_id=149&v_id=xpw8Pds0aUcEocbVy9L55JXHoBiGB8D4CXhOyNa3yfg=&dist_id=582&channel=ac_fnl3&cid=7724314481427058589&pubid=189034  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../reD1IjZLbmzvb1mx0wtgyeCcKoU142uXGlSUJQ=&dist_id=549&channel=ac_j10&cid=ub5a3c253550f6fc16306cb456f&pubid=234715  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270015436988&app_id=63&lp_id=648&v=ico&stub_id=149&v_id=h0Q8RfwS3tQVhVv6WzwTGPSOFX5VLdQGgbywt4LVvVA=&dist_id=574&channel=ac_nj1&cid=17441603061427001534&pubid=376975  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270585946607&app_id=63&lp_id=335&v=ico&stub_id=149&v_id=lX5Y rVcExPXphv7oqyXTQ3qFs0ZqUhFQRSkmLTqmtU=&dist_id=404&channel=ac_f12&cid=13958352181427058593&pubid=242417  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../xvCaTr8cu1i8drZLjoZOldbdXiQ12u3FGDaOfLs=&dist_id=718&channel=ac_rr444&cid=uca1d534c54427382681b5aa352&pubid=366464  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../s3CG995VmaC3MTs4=&dist_id=540&channel=ac_j1&cid=6964312321426938461&pubid=232744  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../TAOpKjhRpR7Q4=&dist_id=398&channel=ac_f7&cid=ubf06a50354d3540e6f88e382d4&pubid=162609  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270564624036&app_id=23&lp_id=419&v=ico&stub_id=148&v_id=D95Q9Fjnnq m1zHh1M17sRmIVl07hUse8TpKwFjwluU=&dist_id=268&channel=ac_ccl&cid=18085634351427056461&pubid=360533  (ccleaner_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14269568431012&app_id=4&lp_id=465&v=ico&stub_id=141&v_id=2qmEXET8NsHe9Ehxq1QpErK2SzCEJwh0k77lZsLQluA=&dist_id=582&channel=ac_fnl3&cid=18920456351426956835&pubid=366464  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../hePO42klHcSfz5cp0MXFJQS1o402LuXQ7tKO3UA=&dist_id=586&channel=ac_fnl7&cid=8370678711426913650&pubid=310873  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14269045485245&app_id=23&lp_id=419&v=ico&stub_id=148&v_id=zs4hZfMoqu6ztTk22kwcCJVrl1PL7C4bwUrI3C7lBbw=&dist_id=268&channel=ac_ccl&cid=8253277451426904547&pubid=307190  (ccleaner_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270532833428&app_id=4&lp_id=554&v=ico&stub_id=148&v_id=vwdDkWZzCWNtJQ7uxcZNqD1ENAcQpOPFy3iXSXOLXTo=&dist_id=718&channel=ac_rr444&cid=12454527031427053281&pubid=360533  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270528944535&app_id=4&lp_id=963&v=ico&stub_id=149&v_id=3GsfauEvfz6CwNFjLGcEUHATmYcHiHT525j0NY KTjs=&dist_id=393&channel=ac_f2&cid=12454527031427052893&pubid=360533  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../lHJNTC4T7qztjvynFNLZ4wppAQ5M=&dist_id=570&channel=ac_nf6&cid=11764836011426951738&pubid=398361  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270587286477&app_id=4&lp_id=954&v=ico&stub_id=149&v_id=AnJGXKUi3lw8vZmmVu2R2HMvcvEHKAFOUs7oCfwIVfs=&dist_id=718&channel=ac_rr444&cid=35573856891427058727&pubid=295155  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/.../5 xjhs05xBQiEn5Xscqw=&dist_id=579&channel=ac_nj6&cid=31989436391427046910&pubid=331335  (java_runtime_enviroment_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270099532592&app_id=4&lp_id=554&v=ico&stub_id=141&v_id=3qKdog9s17rVH9yCglQ4gBIA39q3ExHyWIyu6D0JTKY=&dist_id=718&channel=ac_rr444&cid=7031512701427009952&pubid=366464  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270402118698&app_id=4&lp_id=119&v=ico&stub_id=148&v_id=oNdi04NPgoBYgYtd1nn0aZWmmxzH8H0zhRpJrqxr6hk=&dist_id=569&channel=ac_nf5&cid=6906930861427040208&pubid=376975  (adobe_flash_setup.exe)

11 / 68    (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14269683542635&app_id=4&lp_id=324&v=ico&stub_id=141&v_id=1yiRIkyEoqHYqvHquXSmkPdeGteAB5FpSTdkPVk4xfc=&dist_id=840&channel=uu_tpoie&cid=aUpoVMRMQcEhjiJVB7KkgdOWZRt4gpgZxZYWDZedbDLPBZbV70yWHGWunN05z9kBgFDs0ksLH09f8p-RyZKOS9jbNg2-jRmprmcL8bdFns53kp3TVtK4dmudbLPTnuj8HAuJ_ilqujEdCxHL9pA8cA-lIVMnEK_wWWdiXGMLJPbWRuE_znDigKLYzfpB9drFDGuQj6UMTjKJsX7Ztqa5uFOrjS7WZ1AjCggVESy3i3YqBqsJBjZjPNnGTFfs  (adobe_flash_setup.exe)

13 / 68    (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270502200589&app_id=4&lp_id=733&v=ico&stub_id=149&v_id=VMDTxC1qICg0HvJ31j9Y9oBWAiIRfqlY7EseD0OOFiU=&dist_id=571&channel=ac_nf7&cid=6908672431427050211&pubid=232744  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14269493585801&app_id=4&lp_id=954&v=ico&stub_id=148&v_id=5e7r7cauClxZ966qHXp182qiehIKsQlBv8auycLozUk=&dist_id=718&channel=ac_rr444&cid=u865303535368008697f98dfd31&pubid=325983  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270559738040&app_id=4&lp_id=954&v=ico&stub_id=148&v_id=P4ngtwr7xTks1NtAzaWQUkJ3W9RHFI aRBTqs1bruU0=&dist_id=718&channel=ac_rr444&cid=12983326581427055969&pubid=404619  (adobe_flash_setup.exe)

1 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14269011419982&app_id=4&lp_id=554&v=ico&stub_id=146&v_id=HGK6lcrxPKbde8LpDEdi4NBnB5WnLlWZrjYu3RqZpTg=&dist_id=718&channel=ac_rr444&cid=10792428501426901140&pubid=360533  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://downgradepc.upgrade-24.com/.../DmqSQIOYF3cEDLonKx5shvDHx3tm47neA=&dist_id=718&channel=ac_rr444&cid=u5f91e3cc550c3a99653474c3c0&pubid=274978  (adobe_flash_setup.exe)

12 / 68    (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14269850327105&app_id=4&lp_id=963&v=ico&stub_id=141&v_id=73zhuMP5S9OTHiqMJ3zgV9s0jrY2P5jqyj5PUdnbAXw=&dist_id=393&channel=ac_f2&cid=u87174afb550e103f80bcb1ee52&pubid=205635  (adobe_flash_setup.exe)

9 / 68      (Adware)
http://downgradepc.upgrade-24.com/dl.php?conversion_id=14270577021246&app_id=4&lp_id=954&v=ico&stub_id=149&v_id=UQO2usuvLqY WZJow8OXwh83dvJ9xj24qa34y3t9IxM=&dist_id=718&channel=ac_rr444&cid=6906865311427057701&pubid=83087  (adobe_flash_setup.exe)

 
Latest 30 of 34 download URLs

The following 3 files have been seen to comunicate with downgradepc.upgrade-24.com in live environments.

TCP » 141.8.226.14:80
google-bookmarks.crx

TCP » 204.11.56.48:80
chrome.crx

TCP » 204.11.56.48:80
chrome.crx

URL:
http://downgradepc.upgrade-24.com/

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.