home

mires.eorezo.com

haurais jl

Domain Information

The domain mires.eorezo.com registered by haurais jl was initially registered in March of 2004 through GANDI SAS. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Roubaix, Nord-Pas-De-Calais within France which resides on the RIPE Network Coordination Centre network.
Registrar:
GANDI SAS

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Friday, March 19, 2004

Expires date:
Sunday, March 19, 2017

Updated date:
Friday, February 13, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
eorezo.com

Whois:
3 eorezo.com records

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Tuto4PC.N, PUP.Installer.TUTO4PCCOMINTERNATIONALSL.N, PUP.Installer.TUTO4PCCOMINTERNATIONALSL.K, PUP.Eorezo.EorezoTu.Installer (M)
100.00%

Malwarebytes
PUP.Eorezo, Adware.EoRezo
75.00%

avast!
Win32:Eorezo-AI [PUP], Win32:Eorezo-CC [PUP], Win32:Eorezo-CB [PUP]
75.00%

Dr.Web
Adware.Siggen.24550, Adware.Downware.1597
75.00%

ESET NOD32
Win32/Adware.EoRezo.AC, Win32/Adware.EoRezo.AT (variant)
75.00%

Avira AntiVirus
Adware/EoRezo.G, Adware/EoRezo.BE.2
62.50%

MicroWorld eScan
Trojan.Generic.8513548, Adware.Eorezo.AX
50.00%

nProtect
Adware.Eorezo.AL, Adware.Eorezo.AX
50.00%

Trend Micro House Call
TROJ_GEN.R0CBH0AJO13, TROJ_GEN.F47V1226
50.00%

Bitdefender
Trojan.Generic.8513548, Adware.Eorezo.AX
50.00%

Sophos
EoRezo Adware, Eorezo
50.00%

F-Secure
Trojan.Generic.8513548, Adware.Eorezo.AX
50.00%

Emsisoft Anti-Malware
Trojan.Generic.8513548, Adware.Eorezo.AX
50.00%

G Data
Trojan.Generic.8513548, Adware.Eorezo.AX
50.00%

IKARUS anti.virus
AdWare.Win32.EoRezo, AdWare.Eorezo
50.00%

The domain mires.eorezo.com has been seen to resolve to the following 4 IP addresses.

176.31.126.133
dl6.eorezo.com
April 17, 2016

37.59.30.197
dl4.eorezo.com
February 3, 2014

198.245.62.89
dl2.eorezo.com
December 11, 2013

176.31.126.119
dl7.eorezo.com
November 16, 2013

File downloads found at URLs served by mires.eorezo.com.

1 / 68      (Adware)
http://mires.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (f63593fb42cc13adfa8c318b73ae6181)

1 / 68      (Adware)
http://mires.eorezo.com/clib/eorezo/es//.../webinstall_es.exe  (01a355fa23098badd45e983d0e250af6)

6 / 68      (Adware)
http://mires.eorezo.com/download/.../setup_clickmein_fst_pl_30.exe  (nseadc9.tmp.exe)

18 / 68    (Adware)
http://mires.eorezo.com/download/.../setup_tuguu_fst_fr_35.exe  (freesofttoday.exe)

7 / 68      (Adware)
http://mires.eorezo.com/download/.../setup_clickmein_fst_pl_14.exe  (nss3fc1.tmp.exe)

22 / 68    (Adware)
http://mires.eorezo.com/clib/eorezo/es/.../webinstall_es.exe  (33752e282fdcdeee399b1238e4e152c7)

22 / 68    (Adware)
http://mires.eorezo.com/clib/eorezo/es/.../webinstall_es.exe  (366d4df97e9e31845894081bfc27dd17)

22 / 68    (Adware)
http://mires.eorezo.com/clib/eorezo/es/.../webinstall_es.exe  (b407ee421b2f439145095e1dcf261f66)

The following 10 files have been seen to comunicate with mires.eorezo.com in live environments.

TCP » 176.31.126.119:80
Client.exe

TCP » 176.31.126.119:80
Client.exe

TCP » 176.31.126.119:80
wgpro.tmp

TCP » 176.31.126.119:80
nss279.tmp

TCP » 176.31.126.133:80
wgpro.tmp

TCP » 176.31.126.133:80
nsh61b2.tmp

TCP » 176.31.126.133:80
nsr8816.tmp

TCP » 176.31.126.133:80
nss279.tmp

TCP » 176.31.126.133:80
updpcc_en_014020153.exe

TCP » 37.59.30.197:80
nss6027.tmp

TCP » 37.59.30.197:80
bc595c310903369e50e3e112aefc06dc.exe

TCP » 37.59.30.197:80
nsr4ba7.tmp

URL:
http://mires.eorezo.com/

Title:
“eoRezo”

Web server:
Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze25 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1

buboascalaphus.com

custotorade.com

dasoftopc.com

dtxpc.com

dysodiopsis.com

egiossis.com

eudyptulaminor.com

gruscanadensis.com

hcuoteno.com

kiklou.eu

kochialaetum.com

nectophrynoides.com

physetermacrocephalus.com

proteusanguinus.com

quiquou.eu

reclinataretama.com

saguinusoedipus.com

samplayeedmed.com

setadall.com

taxideataxus.com

testmieu.eu

tiressea.com

vramvram.eu

yadiothironen.com

bariatharg.com

myrmecobiusfasciatus.com

syncopmy.com

tuto4pc.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.