home

goz.heimdalsecurity.com

Contact Privacy Inc. Customer 0135558477  (Proxy Registrant)

Domain Information

The domain goz.heimdalsecurity.com is registered by proxy through TUCOWS DOMAINS INC. and was originally registered in September of 2013. The hosted servers are located in Ashburn, Virginia within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below).
Registrar:
TUCOWS DOMAINS INC.

Server location:
Virginia, United States (US)

Create date:
Sunday, September 15, 2013

Expires date:
Monday, September 15, 2014

Updated date:
Friday, June 13, 2014

Root domain:
heimdalsecurity.com

Whois:
1 heimdalsecurity.com record

The domain goz.heimdalsecurity.com has been seen to resolve to the following 8 IP addresses.

216.137.33.130
server-216-137-33-130.iad2.r.cloudfront.net
September 3, 2014

216.137.33.4
server-216-137-33-4.iad2.r.cloudfront.net
September 3, 2014

54.230.103.198
server-54-230-103-198.iad2.r.cloudfront.net
September 3, 2014

54.230.103.86
server-54-230-103-86.iad2.r.cloudfront.net
September 3, 2014

54.230.102.47
server-54-230-102-47.iad2.r.cloudfront.net
September 3, 2014

54.230.101.161
server-54-230-101-161.iad2.r.cloudfront.net
September 3, 2014

54.230.100.118
server-54-230-100-118.iad2.r.cloudfront.net
September 3, 2014

216.137.33.174
server-216-137-33-174.iad2.r.cloudfront.net
September 3, 2014

File downloads found at URLs served by goz.heimdalsecurity.com.

0 / 68
http://goz.heimdalsecurity.com/HeimdalSetup.exe  (461b8d4dae8b26c9042332b2640b0b49)

The following file have been seen to comunicate with goz.heimdalsecurity.com in live environments.

TCP » 54.230.101.161:80
ctfmon.exe

URL:
http://goz.heimdalsecurity.com/

Google Analytics:
UA-24254239

Title:
“Heimdal Security - Zeus Gameover (P2P) & Cryptolocker Detection and Removal Tool”

Description:
“Heimdal proactively detects, removes and protects your system against the latest malware threats, such as Zeus Gameover (P2P) or Cryptolocker.”

Network:
Amazon Cloudfront

SSL certificate subject:
CN=*.heimdalsecurity.com, O=CSIS Security Group A/S, L=Copenhagen K, S=Copenhagen, C=DK

SSL certificate issuer:
CN=GlobalSign Organization Validation CA - G2, O=GlobalSign nv-sa, C=BE

Web server:
AmazonS3

Facebook:
Likes:  27
Shares:  28
Comments:  21

Statistics are for the previous month.

heimdalagent.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.