home

regcure.pldownload.net

ParetoLogic Inc.

Domain Information

The domain regcure.pldownload.net registered by ParetoLogic Inc. was initially registered in February of 2010 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Wednesday, February 10, 2010

Expires date:
Friday, February 10, 2017

Updated date:
Tuesday, February 16, 2016

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:
pldownload.net

Whois:
4 pldownload.net records

Scanner detections:
Detections  (60% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ParetoLogic.Optional.Installer.Meta (L)
100.00%

The domain regcure.pldownload.net has been seen to resolve to the following 4 IP addresses.

158.69.145.48
May 20, 2016

50.63.202.89
ip-50-63-202-89.ip.secureserver.net
February 23, 2016

72.21.81.253
December 2, 2014

208.67.237.237
bitcast-a.bitgravity.com
January 10, 2014

File downloads found at URLs served by regcure.pldownload.net.

0 / 68
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureSetup_RW.exe  (2b9f3b129332de7a76d6afbba269d380)

1 / 68      (PUP)
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (d1d97cbad5d891e303a7019b1d48f6c3)

0 / 68
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (30a6018782933738ac3e292b7182e456)

0 / 68
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (3b50a47017fbace98a136b67d6730403)

1 / 68      (PUP)
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (Repair-tool.exe)

1 / 68      (PUP)
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (1fd97656d21df27c62fe413368269bf7)

1 / 68      (PUP)
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (b2ad72d41a72dd2c894ce60565bd74b2)

1 / 68      (PUP)
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (21ca0081669a37861f6275bd051d9484)

1 / 68      (PUP)
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureProSetup_RW.exe  (463ee12a65fee04735159638352546d5)

0 / 68
http://regcure.pldownload.net/webair/dl3/downloads/.../RegCureSetup_CB.exe  (62f8bc450f81d192fb31b42b6dc576ec)

The following 2 files have been seen to comunicate with regcure.pldownload.net in live environments.

TCP » 50.63.202.89:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 208.67.237.237:80
CyberGhost.exe (CyberGhost VPN 5 by CyberGhost S.R.L)

URL:
http://regcure.pldownload.net/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.