home

dles.eorezo.com

haurais jl

Domain Information

The domain dles.eorezo.com registered by haurais jl was initially registered in March of 2004 through GANDI SAS. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Roubaix, Nord-Pas-De-Calais within France which resides on the RIPE Network Coordination Centre network.
Registrar:
GANDI SAS

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Friday, March 19, 2004

Expires date:
Sunday, March 19, 2017

Updated date:
Friday, February 13, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
eorezo.com

Whois:
2 eorezo.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Tuto4PC.N, PUP.Installer.Tuto4PC.S, Threat.Win.Reputation, PUP.Eorezo.Bundler (M), PUP.Eorezo.EorezoTu.Installer (M), Adware.Eorezo (M)
75.00%

Emsisoft Anti-Malware
Trojan.Generic.8513548, Gen.AdWare.Adseo!IK, Adware.EoRezo.T
66.67%

Sophos
EoRezo Adware, Eorezo, PUA 'Eorezo' (of type Adware)
58.33%

Microsoft Security Essentials
Adware:Win32/EoRezo, Threat.Undefined
58.33%

avast!
Win32:Eorezo-AI [PUP], Win32:PUP-gen [PUP], Win32:Eorezo-BH [Adw]
50.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
50.00%

MicroWorld eScan
Trojan.Generic.8513548, Adware.EoRezo.T
41.67%

nProtect
Adware.Eorezo.AL, Adware.EoRezo.T
41.67%

Trend Micro House Call
TROJ_GEN.R0CBH0AJO13, TROJ_GEN.F47V0723, HV_EOREZO_CI194F28.RDXN
41.67%

Bitdefender
Trojan.Generic.8513548, Adware.EoRezo.T
41.67%

F-Secure
Trojan.Generic.8513548, Adware.EoRezo.T, Trojan.Generic.KDV.830408
41.67%

Avira AntiVirus
Adware/EoRezo.G, Adware/EoRezo.E.9
41.67%

G Data
Trojan.Generic.8513548, Adware.EoRezo
41.67%

ESET NOD32
Win32/Adware.EoRezo.AC
41.67%

Norman
W32/Troj_Generic.BCCYP, Suspicious_Gen2.RLWOB, Adware.EoRezo.T
41.67%

The domain dles.eorezo.com has been seen to resolve to the following 5 IP addresses.

176.31.126.133
dl6.eorezo.com
April 16, 2016

37.59.30.196
dl5.eorezo.com
April 13, 2016

188.165.230.78
dl0.eorezo.com
February 19, 2016

188.165.237.181
dl1.eorezo.com
February 13, 2016

176.31.126.119
dl7.eorezo.com
November 16, 2013

File downloads found at URLs served by dles.eorezo.com.

22 / 68    (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (93e9344e09b573568aa201d3fd893056)

1 / 68      (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (c503beeac1a6debfcaa9dbf1b5489492)

4 / 68      (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (9c60f610df193c7b1ee22a9ad2788e80)

1 / 68      (Adware)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (1b931a760a5af4dbea613488e7c73b42)

17 / 68    (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (eeb1be37063aa458cf9ae976c2a441d0)

4 / 68      (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (74f21e9aec190e8492e74a485608c49d)

3 / 68      (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (4613f13559b0e94f7b0356264e1c4f50)

26 / 68    (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (40cd1eb92c07b71c49667043fb1bed3c)

9 / 68      (PUP)
http://dles.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (efe3fa9b228541be4351592159c36631)

2 / 68      (Adware)
http://dles.eorezo.com/clib/eorezo/es/.../setup_eoweather_eo.exe  (24bd45316fa8cd16de5a5f88cfa49d08)

22 / 68    (Adware)
http://dles.eorezo.com/clib/eorezo/es/.../webinstall_es.exe  (6c08365e8be48e21bae541163e49cb18)

22 / 68    (Adware)
http://dles.eorezo.com/clib/eorezo/es/.../webinstall_es.exe  (dfe6b80c176a3204ff8fc16e85df5b7e)

The following 19 files have been seen to comunicate with dles.eorezo.com in live environments.

TCP » 176.31.126.119:80
Client.exe

TCP » 176.31.126.119:80
Client.exe

TCP » 176.31.126.119:80
wgpro.tmp

TCP » 176.31.126.119:80
nss279.tmp

TCP » 176.31.126.133:80
wgpro.tmp

TCP » 176.31.126.133:80
nsh61b2.tmp

TCP » 176.31.126.133:80
nsr8816.tmp

TCP » 176.31.126.133:80
nss279.tmp

TCP » 176.31.126.133:80
updpcc_en_014020153.exe

TCP » 188.165.230.78:80
nsn236d.tmp

TCP » 188.165.230.78:80
nss86ec.tmp

TCP » 188.165.230.78:80
nsd5dcd.tmp

TCP » 188.165.237.181:80
wgpro.tmp

TCP » 188.165.237.181:80
nsm1f07.tmp

TCP » 188.165.237.181:80
nsta8d8.tmp

TCP » 188.165.237.181:80
nsr5a24.tmp

TCP » 188.165.237.181:80
nsr90fc.tmp

TCP » 188.165.237.181:80
upgmsd_us_005010157.exe

TCP » 37.59.30.196:80
upmbot_nl_85.exe

TCP » 37.59.30.196:80
nsrbfe9.tmp

 
Latest 20 of 22 files

URL:
http://dles.eorezo.com/

Title:
“eoRezo”

Web server:
Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze25 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1

buboascalaphus.com

custotorade.com

dasoftopc.com

dtxpc.com

dysodiopsis.com

egiossis.com

eudyptulaminor.com

gruscanadensis.com

hcuoteno.com

kiklou.eu

kochialaetum.com

nectophrynoides.com

physetermacrocephalus.com

proteusanguinus.com

quiquou.eu

reclinataretama.com

saguinusoedipus.com

samplayeedmed.com

setadall.com

taxideataxus.com

testmieu.eu

tiressea.com

vramvram.eu

yadiothironen.com

bariatharg.com

myrmecobiusfasciatus.com

syncopmy.com

tuto4pc.com

csdi-media.com

haematocephala.com

30 of 30 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.