perf.gepseguridad.com

Grupo Isec S.L.

Domain Information

The domain perf.gepseguridad.com, registered by Grupo Isec S.L., was initially registered in April of 2014 through OVH. This domain is currently known to host various forms of malware. The hosting servers are located in Roubaix, Nord-Pas-De-Calais, France, on the RIPE Network Coordination Centre network.
Registrar:
OVH

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Saturday, April 26, 2014

Expires date:
Tuesday, April 26, 2016

Updated date:
Tuesday, November 17, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Malware distribution  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| MicroWorld eScan | Trojan.Generic.14630398 | 100.00% |
| nProtect | Trojan.Generic.14630398 | 100.00% |
| Quick Heal | TrojanPWS.AutoIt.Zbot.F | 100.00% |
| McAfee | Artemis!69A4BCC8200F, Artemis!2A989FD71892 | 100.00% |
| Bitdefender | Trojan.Generic.14630398 | 100.00% |
| K7 AntiVirus | Trojan | 100.00% |
| avast! | Win32:Evo-gen [Susp], Win32:Malware-gen | 100.00% |
| Kaspersky | Trojan-Dropper.Win32.Injector | 100.00% |
| Lavasoft Ad-Aware | Trojan.Generic.14630398 | 100.00% |
| Emsisoft Anti-Malware | Trojan.Generic.14630398 | 100.00% |
| Avira AntiVirus | DR/AutoIt.Gen | 100.00% |
| Arcabit | Trojan.Generic.DDF3DFE | 100.00% |
| AhnLab V3 Security | Trojan/Win32.Agent | 100.00% |
| G Data | Trojan.Generic.14630398 | 100.00% |
| Vba32 AntiVirus | Trojan.Autoit.F | 100.00% |

The domain perf.gepseguridad.com has been seen to resolve to the following IP address.

cluster007.ovh.net
March 2, 2016

File downloads found at URLs served by perf.gepseguridad.com.

26 / 68    (Malware)
http://perf.gepseguridad.com/?q=uTorrent32-64bits.exe  (2a989fd718925d7ca9f2781a82eb44b0)

18 / 68    (Malware)
http://perf.gepseguridad.com/?q=uTorrent32-64bits.exe  (69a4bcc8200fcb2129a4b622487d6509)

The following 3 files have been seen to communicate with perf.gepseguridad.com in live environments.

URL:
http://perf.gepseguridad.com/

Web server:
Apache