home

dl.kiklou.eu

Domain Information

Server location:
Nord-Pas-De-Calais, France (FR)

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
kiklou.eu

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), PUP.Eorezo.Bundler (M), PUP.Tuto4PC.Offer.Installer.Meta (M), Adware.Downloader (M), Adware.Eorezo.Bundler, PUP.InstallCore.48 (M), PUP.OffToUp (M), PUP.InstallCore.RE48 (M), PUP.OffToUp.Installer (M)
82.00%

ESET NOD32
Win32/Adware.EoRezo.BD application
36.00%

NANO AntiVirus
Trojan.InnoSetup.Eorezo.dyqoal
26.00%

ESET NOD32
Win32/Adware.EoRezo.BD (variant)
22.00%

Kaspersky
not-a-virus:AdWare.Win32.Eorezo, UDS:DangerousObject.Multi.Generic
20.00%

IKARUS anti.virus
AdWare.Eorezo
18.00%

Malwarebytes
Adware.EoRezo, PUP.Optional.EoRezo
12.00%

K7 AntiVirus
Adware
10.00%

Avira AntiVirus
TR/Crypt.XPACK.Gen2, ADWARE/EoRezo.Gen, W32/Ramnit.C, W32/Virut.Gen
10.00%

Dr.Web
Threat.Undefined
10.00%

Sophos
Generic PUA IK (PUA), Generic PUA OH (PUA), Generic PUA GH (PUA)
6.00%

Fortinet FortiGate
Adware/Eorezo
6.00%

VIPRE Antivirus
Threat.4739248, Adware.Eorezo
6.00%

Rising Antivirus
PE:Adware.InstallCore!1.A30C [F]
4.00%

Microsoft Security Essentials
Threat.Undefined
4.00%

The domain dl.kiklou.eu has been seen to resolve to the following 7 IP addresses.

176.31.126.119
dl7.eorezo.com
January 5, 2016

5.196.80.98
dl2.eorezo.com
January 4, 2016

37.59.30.197
dl4.eorezo.com
January 4, 2016

37.59.30.196
dl5.eorezo.com
January 4, 2016

188.165.230.78
dl0.eorezo.com
January 4, 2016

188.165.237.181
dl1.eorezo.com
January 3, 2016

176.31.126.133
dl6.eorezo.com
January 2, 2016

File downloads found at URLs served by dl.kiklou.eu.

1 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_us.exe  (b3ab3a668072d2193ef37829d74f2899)

2 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_it.exe  (nsy59f.tmp)

3 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_tr.exe  (nsc14e8.tmp)

11 / 68    (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_ar.exe  (nsc3179.tmp)

4 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_de.exe  (nsp50b0.tmp)

5 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_mx.exe  (2a10.tmp)

1 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_jp.exe  (78e87d62e4f593a4d234035aa1486a10)

1 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_in.exe  (nsu3a5f.tmp)

3 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_fi.exe  (nsv5393.tmp)

4 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_nl.exe  (nsh7b13.tmp)

6 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_se.exe  (nst5a86.tmp)

3 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_fr.exe  (nsp9c4.tmp)

5 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_pl.exe  (c877.tmp)

1 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_ca.exe  (21cbd3aa32a21fb4686cc5e872c88265)

3 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_dk.exe  (4f5a.tmp)

11 / 68    (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_pt.exe  (nsgc428.tmp)

1 / 68      (PUP)
http://dl.kiklou.eu/download/dwn/prq4633/asia/.../setup_gmsd_ra.exe  (nsb2dde.tmp)

2 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_no.exe  (nsda358.tmp)

1 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_gb.exe  (nsccec6.tmp)

6 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_es.exe  (nsq5884.tmp)

1 / 68      (PUP)
http://dl.kiklou.eu/download/trasgo/clickmein/.../setup_gmsd_br.exe  (nsy1e24.tmp)

The following 23 files have been seen to comunicate with dl.kiklou.eu in live environments.

TCP » 176.31.126.119:80
Client.exe

TCP » 176.31.126.119:80
Client.exe

TCP » 176.31.126.119:80
wgpro.tmp

TCP » 176.31.126.119:80
nss279.tmp

TCP » 176.31.126.133:80
wgpro.tmp

TCP » 176.31.126.133:80
nsh61b2.tmp

TCP » 176.31.126.133:80
nsr8816.tmp

TCP » 176.31.126.133:80
nss279.tmp

TCP » 176.31.126.133:80
updpcc_en_014020153.exe

TCP » 188.165.230.78:80
nsn236d.tmp

TCP » 188.165.230.78:80
nss86ec.tmp

TCP » 188.165.230.78:80
nsd5dcd.tmp

TCP » 188.165.237.181:80
wgpro.tmp

TCP » 188.165.237.181:80
nsm1f07.tmp

TCP » 188.165.237.181:80
nsta8d8.tmp

TCP » 188.165.237.181:80
nsr5a24.tmp

TCP » 188.165.237.181:80
nsr90fc.tmp

TCP » 188.165.237.181:80
upgmsd_us_005010157.exe

TCP » 37.59.30.196:80
upmbot_nl_85.exe

TCP » 37.59.30.196:80
nsrbfe9.tmp

 
Latest 20 of 26 files

buboascalaphus.com

custotorade.com

dasoftopc.com

dtxpc.com

dysodiopsis.com

egiossis.com

eorezo.com

eudyptulaminor.com

gruscanadensis.com

hcuoteno.com

kochialaetum.com

nectophrynoides.com

physetermacrocephalus.com

proteusanguinus.com

quiquou.eu

reclinataretama.com

saguinusoedipus.com

samplayeedmed.com

setadall.com

taxideataxus.com

testmieu.eu

tiressea.com

vramvram.eu

yadiothironen.com

bariatharg.com

myrmecobiusfasciatus.com

syncopmy.com

tuto4pc.com

csdi-media.com

haematocephala.com

30 of 31 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.