» gmload.net
Overview
Analysis
IPs Addresses (3)
Downloads (22)
Website Detail
Related Domains (4)

gmload.net

Chastnoe litso

Domain Information

The domain gmload.net registered by Chastnoe litso was initially registered in August of 2014 through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.

Registrant:

Chastnoe litso

Registrar:

PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:

Bayern, Germany (DE)

Create date:

Saturday, August 23, 2014

Expires date:

Tuesday, August 23, 2016

Updated date:

Friday, August 7, 2015

ASN:

AS24940 HETZNER-AS Hetzner Online GmbH,DE

Whois:

2 gmload.net records

Scanner detections:

Detections (95% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.iDatixCorporation.HH, PUP.OOOSoftMedia.M, PUP.iDatixCorporation.a, Threat.Win.Reputation.IMP, PUP.iDatixCorporation.X, PUP.OOOSoftM (M)

100.00%

avast!

Win32:Webalta-Y [PUP], Win32:Webalta-M [PUP], Win32:Adware-gen [Adw]

33.33%

Avira AntiVirus

ADWARE/Adware.Gen, APPL/LoadMoney.qoys, TR/Strictor.64839

33.33%

Sophos

WebAlta Toolbar, PUA 'WebAlta Toolbar' (of type Adware)

33.33%

Vba32 AntiVirus

Downware.iDatix.gen

33.33%

AVG

Could be an adware AdLoad

33.33%

Dr.Web

Adware.Webalta.675, Adware.Downware.5907, Trojan.DownLoader11.30028, Trojan.LoadMoney.362, Trojan.Packed.28612

33.33%

K7 AntiVirus

Adware

33.33%

Comodo Security

Application.Win32.Webalta.FL, Application.Win32.AgentCV.HWYF, Application.Win32.Webalta.GU, Application.Win32.Webalta.GZ

28.57%

MicroWorld eScan

Application.LoadMoney.R, Gen:Variant.Zusy.108353, Gen:Variant.Zusy.108226

28.57%

Zillya! Antivirus

Downloader.LMN.Win32.116214, Trojan.Black.Win32.19353, Downloader.LMN.Win32.130348, Trojan.Black.Win32.19637, Trojan.Black.Win32.19253

28.57%

NANO AntiVirus

Trojan.Win32.LMN.dejjnp, Trojan.Win32.LMN.dfykpx, Trojan.Win32.LMN.delyxt, Trojan.Win32.LMN.dgjnwf, Trojan.Win32.Toolbar.dghfjz

28.57%

Bitdefender

Application.LoadMoney.R, Gen:Variant.Zusy.108353, Gen:Variant.Zusy.108226, Gen:Variant.Adware.Strictor.64839

28.57%

F-Prot

W32/A-60a331ce, W32/A-2a282aa4, W32/A-dc5b6e3d, W32/A-43d29137

28.57%

G Data

Application.LoadMoney, Gen:Variant.Zusy.108353, Gen:Variant.Zusy.108226, Gen:Variant.Adware.Strictor.64839

28.57%

The domain gmload.net has been seen to resolve to the following 3 IP addresses.

178.63.166.148

static.148.166.63.178.clients.your-server.de

February 24, 2016

5.79.80.68

October 9, 2014

46.165.233.24

hosted-by.leaseweb.com

August 28, 2014

File downloads found at URLs served by gmload.net.

1 / 68 (Adware)

http://gmload.net/install.php?rid=552&name=dmticmVha2Vy&url=aHR0cDovL0FSQ0hDTE9VRC1MT0FESU5HLlJVLzE2MTAxNDE1L3ZrYnJlYWtlci56aXA= (vkbreaker.exe)

1 / 68 (Malware)

http://gmload.net/install.php?rid=1302&name=Y3ViYXNlbGVtZW50cy5pc28uc29mdHRvcnJlbnQucnUudG9ycmVudA==&url=aHR0cDovL2Z0cDMuc29mdHRvcnJlbnQucnUvdG9ycmVudC9jdWJhc2VsZW1lbnRzLmlzby5zb2Z0dG9ycmVudC5ydS50b3JyZW50 (cubaselements.iso.softtorrent.ru.torrent.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=1202&url=aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2Rvd25sb2FkL3JudTU1dTlqajhyODExaC9NaWNyb3NvZnQtT2ZmaWNlLTIwMTAucmFy&name=bWljcm9zb2Z0LW9mZmljZS0yMDEwcmFy (microsoft-office-2010rar.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=592&url=aHR0cDovL3MyLmZpbGUtc3BhY2Uub3JnL2Rvd24vNHJqcHdXai1DWC8xNDEyMjc3NDA1L2R2UnZQMmpRdS1FZGNXMFYwYjhPZXcvNjczLzAvNjczL05vcnRvbl8tX0ludGVybmV0X1NlY3VyaXR5XzEuemlw&name=Tm9ydG9uXy1fSW50ZXJuZXRfU2VjdXJpdHlfMQ== (norton_-_internet_security_1.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=1202&url=aHR0cDovL2FudGl0YWJsZXRrYS5ydS93cC1jb250ZW50L3VwbG9hZHMvMjAxNC8wOS9Ob3J0b24tTklTLTA2LTA5LTIwMTQucmFy&name=bm9ydG9uLW5pcy0wNi0wOS0yMDE0cmFy (norton-nis-06-09-2014rar.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=155&url=aHR0cDovL3d3dy5zb2x2ZWlnbW0uY29tL2Rvd25sb2FkL1NvbHZlaWdNTV9BVklfVHJpbW1lcl9NS1YuZXhl&name=QVZJX1RyaW1tZXJfTUtW (avi_trimmer_mkv.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=1139&url=aHR0cDovL2ZpbGUudG9ycmVudC1nYW1lcy5uZXQvVGhlU2ltczMyMDA5UENfMTM1Mjg4Mzk2Mi50b3JyZW50&name=VGhlU2ltczMyMDA5UENfMTM1Mjg4Mzk2Mi50b3JyZW50 (thesims32009pc_1352883962.torrent.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=1139&url=aHR0cDovL2ZpbGVzMS50b3JyZW50LWdhbWVzLm5ldC9UaGUlMjBTSU1TJTIwNCUyMERlbHV4ZSUyMEVkaXRpb25fMTQxMTk3NTI2NC50b3JyZW50&name=VGhlJTIwU0lNUyUyMDQlMjBEZWx1eGUlMjBFZGl0aW9uXzE0MTE5NzUyNjQudG9ycmVudA== (the sims 4 deluxe edition_1411975264.torrent.exe)

1 / 68 (Adware)

http://gmload.net/install.php?rid=1330&url=aHR0cDovL3JvenVtYWthLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAxNC8wOS9NaW5pLXByb2VrdC4tVml5YXZsZW5ueWEtcGlsdS12LXBvdml0cmktdGEtdnN0YW5vdmxlbm55YS1kemhlcmVsLXlvZ28temFicnVkbmVubnlhLmRvYw==&name=TWluaS1wcm9la3QuLVZpeWF2bGVubnlhLXBpbHUtdi1wb3ZpdHJpLXRhLXZzdGFub3ZsZW5ueWEtZHpoZXJlbC15b2dvLXphYnJ1ZG5lbm55YS5kb2M= (mini-proekt.-viyavlennya-pilu-v-povitri-ta-vstanovlennya-dzherel-yogo-zabrudnennya.doc.exe)

1 / 68 (Malware)

http://gmload.net/install.php?rid=640&name=RklGQV8yMDA3X1Vrcl9MX1t0ZmlsZS5ydV0udG9ycmVudA==&url=aHR0cDovL3RmaWxlLm1lL2ZvcnVtL2Rvd25sb2FkLnBocD9pZD02MTUzNiZ1az0xMTExMTExMTEx (fifa_2007_ukr_l_[tfile.ru].torrent.exe)

1 / 68 (Malware)

http://gmload.net/install.php?rid=803&url=aHR0cDovL3JhcmxhYi5jb20vcmFyL3dyYXI1MTBydS5leGU=&name=d3JhcjUxMHJ1 (wrar510ru.exe)

1 / 68 (Malware)

http://gmload.net/install.php?rid=1330&url=aHR0cDovL3JvenVtYWthLmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAxNC8xMC9WaW5haG9kaS1seXVkc3R2YS5kb2M=&name=VmluYWhvZGktbHl1ZHN0dmEuZG9j (vinahodi-lyudstva.doc.exe)

1 / 68 (Malware)

http://gmload.net/install.php?rid=800&url=aHR0cDovL2tleWdhbWV6LnJ1L2xvYWQvMC0wLTEtNjUtMjA=&name=TmVlZCBGb3IgU3BlZWQgSG90IFB1cnN1aXQ= ({blocked}.exe)

28 / 68 (PUP)

http://gmload.net/install.php?rid=1202&url=aHR0cDovL2FuLmFudGl0YWJsZXRrYS5ydS9kb3dsb2Fkcy9NaWNyb3NvZnQtT2ZmaWNlLTIwMTAucmFy&name=bWljcm9zb2Z0LW9mZmljZS0yMDEwcmFy (microsoft-office-2010rar.exe)

11 / 68 (Adware)

http://gmload.net/install.php?rid=592&url=aHR0cDovL3MyLmZpbGUtc3BhY2Uub3JnL2Rvd24vQlFvTVF2S3dsWS8xNDEyMTE2MTQxL2ZHbVU5aS0zSGJXWlNtRklaLVNWR3cvNjgxNC8wLzY4MTQvV2luZG93cy5Mb2FkZXIudjIuMi4yLnppcA==&name=V2luZG93cy5Mb2FkZXIudjIuMi4y (windows.loader.v2.2.2__592.exe)

24 / 68 (PUP)

http://gmload.net/install.php?rid=1109&url=aHR0cDovL3J1c2lmaWNhdG9yZ2FtZS51Y296LnJ1L2xvYWQvMC0wLTAtNjItMjA=&name=UnVzaWZpa2F0b3IgZGx5YSBBcm1BIDM= (rusifikator dlya arma 3.exe)

25 / 68 (PUP)

0 / 68

http://gmload.net/install.php?rid=157&name=YXJjaGl2ZV85MjMxMV9zZXR1cA==&url=aHR0cDovL3BjcG9ydGFsLm9yZy5ydS9nbz9odHRwOi8vZG93bmxvYWQubWljcm9zb2Z0LmNvbS9kb3dubG9hZC8yL0QvNS8yRDVFNTg4NS0xQjE3LTRFQjAtOEU3NC05RTg5NjRFOTdFQjAvTWF0c19SdW4uZGV2aWNlcy5leGU= (mats_run.devices.exe)

21 / 68 (PUP)

http://gmload.net/install.php?rid=592&url=aHR0cDovL3MyLmZpbGUtc3BhY2Uub3JnL2Rvd24va05TRU8ySUVaei8xNDE0MDk2MzE1L2lMUllPcWJFdWZZMW9DYjVOQXVqc3cvMjkwNS8wLzI5MDUvRHplcnpoaW5za2l5X0YuX1lhX19WYXNpbGV2X0IuX0RfX01hbGFob3ZfVi5fVi5fLV9ab29sb2dpeWFfcG96dm9ub2NobnloX19WeXNzaGVlX3Byb2Zlc3Npb25hbG5vZV9vYnJhem92YW5pZS5fQmFrYWxhdnJpYXRfXy1fMjAxMy5yYXI=&name=RHplcnpoaW5za2l5X0YuX1lhX19WYXNpbGV2X0IuX0RfX01hbGFob3ZfVi5fVi5fLV9ab29sb2dpeWFfcG96dm9ub2NobnloX19WeXNzaGVlX3Byb2Zlc3Npb25hbG5vZV9vYnJhem92YW5pZS5fQmFrYWxhdnJpYXRfXy1fMjAxMw== (dzerzhinskiy_f._ya__vasilev_b._d__malahov_v._v._-_zoologiya_pozvonochnyh__vysshee_professionalnoe_ob)

20 / 68 (Adware)

http://gmload.net/install.php?rid=1108&name=Sm92ZXNNb2RQYWNr&url=aHR0cDovL21vZHMtYnktam92ZS5ydS9Kb3Zlc01vZFBhY2suZXhl (jovesmodpack.exe)

25 / 68 (PUP)

http://gmload.net/install.php?rid=1132&name=0KfQtdGA0LXQv9Cw0YjQutC4LdC90LjQvdC00LfRjyAyMDE0INCyINGF0L7RgNC 0YjQtdC8INC60LDRh9C10YHRgtCy0LU=&url= (r§rµsђrµrїr°s€rєre_rѕrerѕrґr·sџ_2014_rі_s…rѕsђrґb4_t_-4.ґ_4af.exe)

URL:

http://gmload.net/

Title:

“phpinfo()”

Web server:

nginx (PHP/5.4.16)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.