www.gemtree.com

Jaroslav Knapek

Domain Information

The domain www.gemtree.com, registered by Jaroslav Knapek, was first registered in December 1998 through TUCOWS DOMAINS INC. This domain has been known to host various forms of malware. The hosting servers are located in Lhenice, Jihocesky Kraj, Czech Republic, on the RIPE Network Coordination Centre network.
Registrar:
TUCOWS DOMAINS INC.

Server location:
Jihocesky Kraj, Czech Republic (CZ)

Create date:
Tuesday, December 29, 1998

Expires date:
Saturday, December 29, 2018

Updated date:
Tuesday, December 22, 2015

ASN:
AS24806 INTERNET-CZ INTERNET CZ, a.s.,CZ

Root domain:

Scanner detections:
Malware distribution  (71% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Norman | Win32.Sality.3, Win32.Ramnit, Gen:Variant.Kazy.617935 | 100.00% |
| F-Prot | W32/MalwareF.JQFC, W32/Sality.gen2, W32/Ramnit.B, W32/Ramnit.B!Generic | 66.67% |
| McAfee | Trojan.Artemis!9C9AAAFE31D8, Virus.W32/Sality.gen.z, Virus.W32/Ramnit.a | 66.67% |
| avast! | Win32:SaliCode, Win32:Quolko, Win32:Ramnit-CC [Trj] | 50.00% |
| AVG | Win32/Sality, Win32/Ramnit.A, Win32/Zbot.G | 50.00% |
| Reason Heuristics | Threat.Win.Reputation.IMP | 33.33% |
| VIPRE Antivirus | Threat.4150696, Threat.4721115 | 33.33% |
| Dr.Web | Win32.Sector.30, Win32.Rmnet.56 | 33.33% |
| Emsisoft Anti-Malware | Win32.Sality, Gen:Variant.Kazy.617935 | 33.33% |
| Bkav FE | W32.Clod77a.Trojan | 16.67% |
| Malwarebytes | Joke.Stressreducer | 16.67% |
| Clam AntiVirus | Joke.Stressreducer | 16.67% |
| Comodo Security | TrojWare.Win32.GameThief.Steam.s | 16.67% |
| AhnLab V3 Security | Win-Joke/Stressreducer.1283584 | 16.67% |
| Rising Antivirus | PE:Trojan.Win32.Generic.12A32AE8!312683240 | 16.67% |

The domain www.gemtree.com has been seen to resolve to the following IP address.

c165un.forpsi.com
February 26, 2016

File downloads found at URLs served by www.gemtree.com.

0 / 68
http://www.gemtree.com/.../desktop.exe  (b8091faa708213f2920f63a7d26b00dc)

2 / 68      (inconclusive)
http://www.gemtree.com/.../pet223en.exe  (9c9aaafe31d84e4424df1fe6e649ab88)

10 / 68    (Malware)
http://www.gemtree.com/.../desktop.exe  (ffc41bd361cfd179bc66b19dfc295a2a)

1 / 68      (Malware)
http://www.gemtree.com/.../desktop.exe  (d2d533dfa922d181af620735de63901a)

8 / 68      (Malware)
http://www.gemtree.com/.../desktop.exe  (71825fc2589dc76f4f6bf0d491101b40)

6 / 68      (Malware)
http://www.gemtree.com/.../desktop.exe  (9fff4a00c8bfbc2d4d7d75268337389b)

10 / 68    (Infected)
http://www.gemtree.com/.../desktop.exe  (9864e93e014cb402da3429b3eeb3e696)

URL:
http://www.gemtree.com/

Title:
“Gemtree Software - Playing with Programming by Visual Programming Tool Peter”

Description:
“Gemtree Software - Visual programming tool Peter designated for easy and quick creation of applications for Windows 95/98/NT/2000/XP”

Web server:
Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8k

Facebook:
Likes:  4
Shares:  27
Comments:  10

Statistics are for the previous month.