home

www.malekal.com

BERTRAND Thibault

Domain Information

The domain www.malekal.com registered by BERTRAND Thibault was initially registered in December of 2002 through GANDI SAS. Currently this domain has been known to host various forms of malware. The hosted servers are located in Clermont-Ferrand, Auvergne within France which resides on the RIPE Network Coordination Centre network.
Registrar:
GANDI SAS

Server location:
Auvergne, France (FR)

Create date:
Saturday, December 28, 2002

Expires date:
Thursday, December 28, 2017

Updated date:
Friday, August 21, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
malekal.com

Whois:
2 malekal.com records

Scanner detections:
Malware distribution  (60% detected)

Scan engine
Details
Detections

McAfee
GenericTRA-BE!FBC207AD85D0, Artemis!59538D76EA7D, Artemis!C1DB9BDF885C, Artemis!F6F0365FCCF1
100.00%

Norman
Troj_Generic.KAGGB, Suspicious_Gen2.VJEQF, BlacoleRef.Z, Suspicious_Gen2.VQZCZ
100.00%

Vba32 AntiVirus
Trojan-Downloader.Autoit.gen
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
75.00%

IKARUS anti.virus
Virus.Win32.Dropper, Worm.Win32.AutoIt, Win32.SuspectCrc
75.00%

Comodo Security
UnclassifiedMalware
75.00%

Bkav FE
W32.FantimeX.Trojan
50.00%

MicroWorld eScan
HEUR:Trojan-Downloader.Win32.Generic, Win32.SuspectCrc
50.00%

Trend Micro House Call
TROJ_SPNR.0BDG13, HV_DORIFEL_CH160260.UVPA
50.00%

Reason Heuristics
Unnamed.Threat.18
50.00%

F-Prot
W32/Undefined.Threat
50.00%

AVG
Worm/Autoit
50.00%

Sophos
Mal/Generic-S
25.00%

Trend Micro
TROJ_SPNR.0BDG13
25.00%

AhnLab V3 Security
ASD.Prevention
25.00%

The domain www.malekal.com has been seen to resolve to the following IP address.

94.23.44.69
ns206195.ovh.net
February 3, 2014

File downloads found at URLs served by www.malekal.com.

0 / 68
http://www.malekal.com/.../SpyHunter-Installer.exe.zip  (cacf58cdf8dd45beeba52179678bfd5b)

9 / 68      (inconclusive)
http://www.malekal.com/HOSTS_filtre/.../HOSTS_Anti-Adware.exe  (59538d76ea7d0fe8283d72265833e0e4)

10 / 68    (Malware)
http://www.malekal.com/HOSTS_filtre/.../HOSTS_Anti-Adware_main.exe  (c1db9bdf885c2f1adc15264fbea2788f)

9 / 68      (Malware)
http://www.malekal.com/HOSTS_filtre/.../HOSTS_Install_V2.exe  (f6f0365fccf1c2008515a4202a36ca5d)

13 / 68    (Malware)
http://www.malekal.com/HOSTS_filtre/.../Install_HOSTS_Anti-Adware.exe  (fbc207ad85d053d4fd9dd93c595d1a1d)

The following 2 files have been seen to comunicate with www.malekal.com in live environments.

TCP » 94.23.44.69:80
browser.exe (Browser)

TCP » 94.23.44.69:80
SBRender.exe (SlimBrowser Rendering Process by FlashPeak)

URL:
http://www.malekal.com/

Google Analytics:
UA-88499

Title:
“malekal's site | site entraide informatique”

Description:
“Les Ransomwares et rançongiciels, une menace informatique, virus en augmentation.”

SSL certificate subject:
CN=www.malekal.com, OU=Gandi Standard SSL, OU=Domain Control Validated

SSL certificate issuer:
CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, S=Paris, C=FR

Web server:
nginx (PHP/5.6.13-0+deb8u1)

Facebook:
Likes:  248
Shares:  345
Comments:  136

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.