home

chepaling.pp.ua

Domain Information

Server location:
Luxembourg, Luxembourg (LU)

ASN:
AS57062 SERVERCLUB-AS , US

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ICLoader.SoftTras (M), PUP.ICLoader.TEHNOARH.Installer (M), PUP.ICLoader.TEPLOONL (M), PUP.InstallCube (M), PUP.ICLoader (M)
100.00%

Microsoft Security Essentials
Threat.Undefined
20.00%

ESET NOD32
Win32/Kryptik.EWQO trojan
20.00%

Kaspersky
not-a-virus:AdWare.Win32.ICLoader
20.00%

The domain chepaling.pp.ua has been seen to resolve to the following 8 IP addresses.

52.57.70.210
ec2-52-57-70-210.eu-central-1.compute.amazonaws.com
September 15, 2016

188.42.244.204
August 16, 2016

188.42.251.66
July 31, 2016

188.42.251.192
July 12, 2016

188.42.242.113
r1-1-24.mta2-gene.com
July 6, 2016

188.42.242.162
June 23, 2016

188.42.251.65
June 18, 2016

188.42.242.67
evidence.croymbacer.com
May 27, 2016

File downloads found at URLs served by chepaling.pp.ua.

1 / 68      (PUP)
http://chepaling.pp.ua/api/web/getInstaller?transaction_id=234170548&token=58f64f64cc0e655717a98a5f1dae75a7&return_url=https://.../InstallPack.exe&source=&format=json  (igrat_v_freddi_1_v_garesmode_ustanavit_kartu.exe)

1 / 68      (PUP)
http://chepaling.pp.ua/api/web/getInstaller?transaction_id=235999696&token=83f06c452e40109943ef53cc8d006984&return_url=http://minecraft-inside.ru/.../37084&source=&format=json  (karti_dlya_maynkraft_1_5.exe)

1 / 68      (PUP)
http://chepaling.pp.ua/api/web/getInstaller?transaction_id=235411396&token=8880453bd91aa40d3b502a78f1356e38&return_url=https://.../InstallPack.exe&source=&format=json  (karta_fnaf_1_dlya_garris_moda_14.exe)

1 / 68      (PUP)
http://chepaling.pp.ua/api/web/getInstaller?transaction_id=232913960&token=6f146a25d950bf79bb803c9511247b13&return_url=https://.../InstallPack.exe&source=&format=json  (flash_player_hd_install.exe)

4 / 68      (PUP)
http://chepaling.pp.ua/api/web/getInstaller?transaction_id=232590604&token=26602f8ed86381c243e63fd973750d68&return_url=http://minecraft-inside.ru/.../37084&source=&format=json  (skachat_launcher_maynkraft_s_modami_na_oruzhie.exe)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.