» dc325.gulfup.com
Overview
Analysis
IPs Addresses (1)
Downloads (3)
Website Detail

dc325.gulfup.com

FR Group

Domain Information

The domain dc325.gulfup.com registered by FR Group was initially registered in April of 2006 through GODADDY.COM, LLC. Currently this domain has been known to host various forms of malware. The hosted servers are located in Dronten, Flevoland within Netherlands which resides on the RIPE Network Coordination Centre network.

Registrant:

FR Group

Registrar:

GODADDY.COM, LLC

Server location:

Flevoland, Netherlands (NL)

Create date:

Thursday, April 6, 2006

Expires date:

Monday, April 3, 2023

Updated date:

Wednesday, February 25, 2015

ASN:

AS50673 SERVERIUS-AS Serverius Holding B.V.,NL

Root domain:

gulfup.com

Whois:

1 gulfup.com record

Google Safe Browsing:

unwanted

Scanner detections:

Malware distribution (67% detected)

Scan engine

Details

Detections

nProtect

Backdoor/W32.Bredavi.4026368

50.00%

ViRobot

Backdoor.Win32.S.Afcore.4026368

50.00%

Reason Heuristics

Unnamed.Threat.14

50.00%

MicroWorld eScan

Gen:Variant.Zusy.154973

50.00%

Quick Heal

Trojan.MSI.g3

50.00%

McAfee

Artemis!A75E1660B608

50.00%

Zillya! Antivirus

Trojan.Agent.Win32.570438

50.00%

K7 AntiVirus

Trojan

50.00%

Arcabit

Trojan.Zusy.D25D5D

50.00%

Agnitum Outpost

Trojan.Agent

50.00%

ESET NOD32

Generik.FDEUQJH (variant)

50.00%

avast!

Win32:Malware-gen

50.00%

Kaspersky

Trojan.MSIL.Agent

50.00%

Bitdefender

Gen:Variant.Zusy.154973

50.00%

NANO AntiVirus

Trojan.Win32.Agent.dvuavh

50.00%

The domain dc325.gulfup.com has been seen to resolve to the following IP address.

5.255.89.70

May 6, 2015

File downloads found at URLs served by dc325.gulfup.com.

28 / 68 (Malware)

http://dc325.gulfup.com/8kdA0H.exe (play.exe)

0 / 68

http://dc325.gulfup.com/PpVoT7.txt?gu=HRDykHdI6ngOJlziaLE4yA&e=1443233435&n=66696c656e616d652a3d5554462d3827274265696e73706f727425323073616e73636f6f6b6965732532306279253230464f782e747874 (beinsport sanscookies by fox.txt)

3 / 68 (Malware)

http://dc325.gulfup.com/JiwGUe.exe (calc.exe)

URL:

http://dc325.gulfup.com/

Web server:

Gulfup.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.