home

www.truygulama.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain www.truygulama.com is registered by proxy through FBS INC. and was originally registered in October of 2012. Currently this domain has been known to host various forms of malware. The hosted servers are located in Belfast, Northern Ireland within United Kingdom which resides on the RIPE Network Coordination Centre network.
Registrar:
FBS INC.

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Friday, October 19, 2012

Expires date:
Sunday, October 19, 2014

Updated date:
Friday, February 14, 2014

Root domain:
truygulama.com

Whois:
1 truygulama.com record

Scanner detections:
Malware distribution  (75% detected)

Scan engine
Details
Detections

Malwarebytes
Trojan.Agent.AI
100.00%

Fortinet FortiGate
W32/Zbot.ALG!tr, W32/Scar.HOEI!tr, W32/Agent.U!tr
100.00%

Qihoo 360 Security
Malware.QVM06.Gen, Malware.QVM11.Gen, HEUR/Malware.QVM06.Gen
75.00%

Quick Heal
(Suspicious) - DNAScan, TrojanPWS.AutoIt.Zbot.D
75.00%

Microsoft Security Essentials
Trojan:Win32/Cutolomo.A, Trojan:Win32/Malagent, Trojan:Win32/Malagent!gmb
75.00%

MicroWorld eScan
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.56278
75.00%

McAfee
RDN/Generic.dx!cgw, Artemis!4317A6BB033B, Artemis!629407001E99
75.00%

avast!
Win32:Malware-gen, Win32:Dropper-gen [Drp]
75.00%

Kaspersky
Trojan.Win32.Scar, Backdoor.Win32.Androm, Trojan.Win32.Autoit
75.00%

Bitdefender
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.56278
75.00%

F-Secure
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.52721
75.00%

Dr.Web
Trojan.AVKill.31251, Trojan.Inject1.40249, Trojan.Inject1.41704
75.00%

VIPRE Antivirus
Trojan.Win32.Generic
75.00%

Avira AntiVirus
TR/Kilim.A.12, TR/Drop.Autoit.aio.41, TR/Malagent.A.22938
75.00%

Emsisoft Anti-Malware
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.56278
75.00%

The domain www.truygulama.com has been seen to resolve to the following 3 IP addresses.

103.224.182.241
lb-182-241.above.com
June 6, 2016

92.242.140.21
unallocated.barefruit.co.uk
May 2, 2015

77.223.129.191
dns1.pitikareweb.net
March 1, 2014

File downloads found at URLs served by www.truygulama.com.

32 / 68    (Malware)
http://www.truygulama.com/fle2.php  (install_flashplayer12x32_x64mssd_aaa_aih.exe)

3 / 68      (inconclusive)
http://www.truygulama.com/fla2.php  (install_flashplayer11x32_mssd_aih.exe)

27 / 68    (Malware)
http://www.truygulama.com/wl2.php  (smart hd player installer.exe)

27 / 68    (Malware)
http://www.truygulama.com/fls2.php  (install_flashplayer12x32_x64mssd_aaa_aih.exe)

3 / 68      (inconclusive)
http://www.truygulama.com/flc2.php  (install_flashplayer11x32_mssd_aih.exe)

The following 242 files have been seen to comunicate with www.truygulama.com in live environments.

TCP » 92.242.140.21:80
smelled.exe (Smelled)

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
marini.exe (Marini)

TCP » 103.224.182.241:80
uplus.exe (LoadMoneyWebSite)

TCP » 103.224.182.241:80
7tkkmsa v1.5.1.exe (KMS Activator by 7pm Tech)

TCP » 103.224.182.241:80
y03fd24.tmp

TCP » 92.242.140.21:443
client.exe (ClientWrapper)

TCP » 92.242.140.21:80
thebrowser.exe (TheBrowser by Goobzo)

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
torrent-search.exe (torrent-search)

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 103.224.182.241:3000
dopipjen.exe

TCP » 103.224.182.241:80
online-guardian-v2.0.9.exe

TCP » 103.224.182.241:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 92.242.140.21:443
WindowService.exe (WindowService)

TCP » 92.242.140.21:443
ciuninstall.exe

TCP » 92.242.140.21:1866
jutched.exe

TCP » 92.242.140.21:443
dca-monitoring.exe (Compete DCA Monitoring Tool by Compete)

TCP » 92.242.140.21:80
masterupdater.exe

 
Latest 20 of 242 files

URL:
http://www.truygulama.com/

Web server:
nginx (PleskLin)

Alexa:
Global rank:  77,434
Backlinks:  13

Compete.com:
US visitors:  29,108

Statistics are for the previous month (Alexa statistics are for entire truygulama.com).

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.