home

clickeu.gogorithm.com

Domain Information

Server location:
Texas, United States (US)

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
gogorithm.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Systweak.TUNEUPPR.Installer.Meta (L)
100.00%

The domain clickeu.gogorithm.com has been seen to resolve to the following 2 IP addresses.

37.58.93.181
37.58.93.181-static.reverse.softlayer.com
January 5, 2015

37.58.93.180
37.58.93.180-static.reverse.softlayer.com
January 5, 2015

File downloads found at URLs served by clickeu.gogorithm.com.

1 / 68      (PUP)
http://clickeu.gogorithm.com/st?cipid=896030&ttype=1&dast=Ym89MiZjaXBpZD04OTYwMzAmY2lzaWQ9NzVCRkNFNjhDODYxMzUxODE4Mzg2MzMmY2lyaWQ9NzVCRkNFNjhDODYxMzYzMDI2MjA1NTQmc2xpZD0wJnN1YmlkPTIwMDA2NjkwNTYxMTAwMDAwMCZjaXVpZD04MzUyNjQ1Mjc3NTMwNDc5OTc5JnNvPTImY3JpZD0yMDg1MTY4JmV4Y2lkPTIyJm1tdD0tMSZjbnRyeT04MCZjaWNtcD0yNjAxMzgmcHViaWQ9MzEyNTc=&position=${POS}&ciecp=${DTYPE}&cirp=${LAG}&compid=${COMPID}&cmcv=${CMCV}&cipp=${PRICE}&excid=22&cisid=75BFCE68C86136302620554&pixels=31290960&pix=31290960&tgt=http://4.track404od.com/d/.../Ym89MiZjaXBpZD04OTYwMzAmY2lzaWQ9NzVCRkNFNjhDODYxMzUxODE4Mzg2MzMmY2lyaWQ9NzVCRkNFNjhDODYxMzYzMDI2MjA1NTQmc2xpZD0wJnN1YmlkPTIwMDA2NjkwNTYxMTAwMDAwMCZjaXVpZD04MzUyNjQ1Mjc3NTMwNDc5OTc5JnNvPTImY3JpZD0yMDg1MTY4JmV4Y2lkPTIyJm1tdD0tMSZjbnRyeT04MCZjaWNtcD0yNjAxMzgmcHViaWQ9MzEyNTc=  (setup.exe)

The following 3 files have been seen to comunicate with clickeu.gogorithm.com in live environments.

TCP » 37.58.93.180:80
h2safer-surfgy175.exe

TCP » 37.58.93.181:80
viewpasswordfix158.exe

TCP » 37.58.93.181:80
q7dt179.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.