home

d.gostaller.com

Whois protection, this company does not own this domain name s.r.o.

Domain Information

The domain d.gostaller.com registered by Whois protection, this company does not own this domain name s.r.o. was initially registered in February of 2016 through ENOM, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
HEBEI GUOJI MAOYI (SHANGHAI) LTD DBA HEBEIDOMAINS.COM

Server location:
Bayern, Germany (DE)

Create date:
Tuesday, February 2, 2016

Expires date:
Thursday, February 2, 2017

Updated date:
Tuesday, February 2, 2016

ASN:
AS24940 HETZNER-AS Hetzner Online AG,DE

Root domain:
gostaller.com

Whois:
3 gostaller.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Vitallia.SecureLabsPayments.Installer (M), PUP.Installer.MaxSetup.c, PUP.Installer.MaxSetup.EE, PUP.Installer.MaxSetup.d, PUP.installCore.MaxSetup.Installer (M), PUP.Vitallia.SecureLa.Installer (M), PUP.installCore.WorldSet.Installer (M), PUP.Vittalia.QUICKIDE.Installer (M), PUP.installCore (M), PUP.Vitallia (M)
92.00%

VIPRE Antivirus
InstallCore.b, Threat.4788237, Threat.4150696
20.00%

AVG
MalSign.InstallC, InstallCore, Win.Threat.Medium, Could be an adware MultiBundle
20.00%

Agnitum Outpost
PUA.InstallCore
12.00%

Sophos
Install Core Click run software
12.00%

Avira AntiVirus
ADWARE/InstallCore.Gen7
12.00%

G Data
Win32.Application.InstallCore
12.00%

ESET NOD32
Win32/InstallCore.MJ potentially unwanted application, Win32/DownWare.J potentially unwanted application
12.00%

ESET NOD32
Win32/InstallCore.MJ (variant)
8.00%

Norman
Downware.PQ
8.00%

SUPERAntiSpyware
Trojan.Agent/Gen-Artemis
8.00%

Dr.Web
Trojan.Packed.24524
4.00%

Malwarebytes
PUP.Optional.InstallCore
4.00%

K7 AntiVirus
Unwanted-Program
4.00%

Vba32 AntiVirus
Downware.InstallCore
4.00%

The domain d.gostaller.com has been seen to resolve to the following 6 IP addresses.

103.224.182.232
May 21, 2016

103.224.182.241
lb-182-241.above.com
April 9, 2016

64.74.223.46
September 18, 2014

94.23.81.26
December 26, 2013

188.40.86.87
static.87.86.40.188.clients.your-server.de
December 26, 2013

87.98.226.154
December 26, 2013

File downloads found at URLs served by d.gostaller.com.

1 / 68      (PUP)
http://d.gostaller.com/d.php?name=Airxonix&version=&url=http://files.gooofull.com/resources/binaries/2008/.../7ee45232a017f9e58a4db0ea18d10198.exe&id=gooofull&img=&idv=  (airxonix_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=SopCast&version=3.5.0&url=http://files.gooofull.com/resources/.../&id=gooofull&img=&idv=  (sopcast_3.5.0_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Sumotori Dreams&version=1.2&url=http://files.gooofull.com/resources/binaries/2008/.../c36c06b961f0137698d8a6b515c013f4.zip&id=gooofull&img=&idv=  (sumotori dreams_1.2_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=.NET Framework&version=4.0.30319.1 - Final&url=http://files.gooofull.com/resources/binaries/2010/.../82007fc2034b59113cd66a06d79b3202.exe&id=gooofull&img=&idv=  (net framework_4.0.30319.1 - final_setup.exe)

1 / 68      (PUP)
http://d.gostaller.com/.../audacity-win-2.0.2.exe&name=Audacity&idc=34&paym=1&ids=4934&ref=r9.audacity.descasoft.net&idv=812332e5a45a1a4a&idt=inst_9786355505337ffbae4182&idtaux=&ccod=Es&pwids=38&miid=125&id=  (596b82c048cca08d97b8afb24e3cfa8a)

1 / 68      (PUP)
http://d.gostaller.com/d.php?name=Granny in Paradise&version=&url=http://files.gooofull.com/resources/binaries/2008/.../14319ac7dacb97d23f48ba1596a51e6a.exe&id=gooofull&img=&idv=  (granny_in_paradise_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=SpongeBob SquarePants Obstacle Odyssey 2 &version=&url=http://files.gooofull.com/resources/binaries/2008/.../b57f3c5472c3d3a8bb211f93bc719f7a.exe&id=gooofull&img=&idv=  (spongebob squarepants obstacle odyssey 2__setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Gmail for Windows 7&version=1.0&url=http://files.gooofull.com/resources/binaries/2014/.../706bb31e05028f3369319cdc179bdc4d.exe&id=gooofull&img=&idv=  (gmail for windows 7_1.0_setup.exe)

1 / 68      (PUP)
http://d.gostaller.com/d.php?name=Granny in Paradise&version=&url=http://files.gooofull.com/resources/binaries/2008/.../14319ac7dacb97d23f48ba1596a51e6a.exe&id=gooofull&img=&idv=  (granny_in_paradise_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Sumotori Dreams&version=1.2&url=http://files.gooofull.com/resources/binaries/2008/.../c36c06b961f0137698d8a6b515c013f4.zip&id=gooofull&img=&idv=  (sumotori dreams_1.2_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Sumotori Dreams&version=1.2&url=http://files.gooofull.com/resources/binaries/2008/.../c36c06b961f0137698d8a6b515c013f4.zip&id=gooofull&img=&idv=  (sumotori dreams_1.2_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Sumotori Dreams&version=1.2&url=http://files.gooofull.com/resources/binaries/2008/.../c36c06b961f0137698d8a6b515c013f4.zip&id=gooofull&img=&idv=  (sumotori dreams_1.2_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Sumotori Dreams&version=1.2&url=http://files.gooofull.com/resources/binaries/2008/.../c36c06b961f0137698d8a6b515c013f4.zip&id=gooofull&img=&idv=  (sumotori dreams_1.2_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=HP Deskjet 6940 series&version=&url=http://files.gooofull.com/resources/.../0000001651_dl.exe&id=gooofull&img=&idv=  (hp deskjet 6940 series__setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Sumotori Dreams&version=1.2&url=http://files.gooofull.com/resources/binaries/2008/.../c36c06b961f0137698d8a6b515c013f4.zip&id=gooofull&img=&idv=  (sumotori dreams_1.2_setup.exe)

1 / 68      (PUP)
http://d.gostaller.com/d.php?name=Drive Rescue&version=1.9d&url=http://files.gooofull.com/resources/binaries/2009/.../6a37175bc4d775fcd41e1aeb077bf44a.exe&id=gooofull&img=&idv=  (drive_rescue_1.9d_setup.exe)

1 / 68      (PUP)
http://d.gostaller.com/d.php?name=Pro Evolution Soccer 6 Demo&version=&url=http://files.gooofull.com/resources/binaries/2008/.../b967af996d62e8eff45de9b17bdce46c.exe&id=gooofull&img=&idv=  (pro_evolution_soccer_6_demo_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=Nero Burning Rom&version=15.0.04600&url=http://files.gooofull.com/resources/binaries/2014/.../ebfb05382e840b0b55906698da785cb8.exe&id=gooofull&img=&idv=  (nero burning rom_15.0.04600_setup.exe)

1 / 68      (Adware)
http://d.gostaller.com/d.php?name=BS.Player&version=2.67.1076&url=http://files.gooofull.com/resources/binaries/2014/.../b50115dd7e48b4221ac847d4d39e6f72.exe&id=gooofull&img=&idv=  (bs.player_2.67.1076_setup.exe)

5 / 68      (PUP)
http://d.gostaller.com/d.php?name=SharePod&version=3.9.9&url=http://files.gooofull.com/resources/binaries/2013/.../f742c49b238aeef7d57d3d83b3233c2b.exe&id=gooofull&img=&idv=  (sharepod_3.9.9_setup.exe)

8 / 68      (PUP)
http://d.gostaller.com/d.php?name=Google AdWords Editor&version=10.1&url=http://files.gooofull.com/resources/binaries/2013/.../e32bd59db922b4c1595ae9f43daf72fd.msi&id=gooofull&img=&idv=  (google_adwords_editor_10.1_setup.exe)

12 / 68    (Adware)
http://d.gostaller.com/d.php?name=Natata eBook Compiler&version=Free 2.1 &url=http://files.gooofull.com/resources/binaries/2010/.../54e735f0cf8b87729a371d260b31bd6f.exe&id=gooofull&img=&idv=  (natata ebook compiler_free 2.1_setup.exe)

8 / 68      (Adware)
http://d.gostaller.com/d.php?name=Auslogics Disk Defrag&version=4.5&url=http://files.gooofull.com/resources/binaries/2014/.../02a5936508f658eff8bd5a41880dcdf8.exe&id=gooofull&img=&idv=  (Auslogics Disk Defrag_4.5_setup.exe)

8 / 68      (Adware)
http://d.gostaller.com/d.php?name=CutePDF Professional&version=Pro 3.61&url=http://files.gooofull.com/resources/binaries/2009/.../eeb6f39304ff2e4ce6930b9f01a0ce84.exe&id=gooofull&img=&idv=  (CutePDF Professional_Pro 3.61_setup.exe)

1 / 68      (PUP)
http://d.gostaller.com/d.php?name=Windows Doctor&version=2.5.0&url=http://files.gooofull.com/resources/binaries/2010/.../83fef60088a974d87b52c3a2c9e054d4.exe&id=gooofull&img=&idv=  (windows_doctor_2.5.0_setup.exe)

The following 16 files have been seen to comunicate with d.gostaller.com in live environments.

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.232:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
uplus.exe (LoadMoneyWebSite)

TCP » 103.224.182.232:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
7tkkmsa v1.5.1.exe (KMS Activator by 7pm Tech)

TCP » 103.224.182.241:80
y03fd24.tmp

TCP » 103.224.182.241:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.241:80
torrent-search.exe (torrent-search)

TCP » 103.224.182.241:3000
dopipjen.exe

TCP » 103.224.182.232:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 103.224.182.232:80
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 103.224.182.241:80
online-guardian-v2.0.9.exe

TCP » 103.224.182.241:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 103.224.182.232:80
ContentFinder.exe (ContentFinder by ContentFinder Software)

TCP » 103.224.182.241:80
skype_addon.crx

TCP » 103.224.182.241:3000
fzegwzshmv.exe (Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm by Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv)

TCP » 103.224.182.241:3000
fuheabyq.exe

URL:
http://d.gostaller.com/

Web server:
Apache

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.