www.malekal.com

BERTRAND Thibault

Domain Information

The domain www.malekal.com, registered by BERTRAND Thibault, was initially registered in December 2002 through GANDI SAS. This domain has been known to host various forms of malware. The hosting servers are located in Clermont-Ferrand, Auvergne, France, on the RIPE Network Coordination Centre network.
Registrar:
GANDI SAS

Server location:
Auvergne, France (FR)

Create date:
Saturday, December 28, 2002

Expires date:
Thursday, December 28, 2017

Updated date:
Friday, August 21, 2015

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Malware distribution (80% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| McAfee | GenericTRA-BE!FBC207AD85D0, Artemis!59538D76EA7D, Artemis!C1DB9BDF885C, Artemis!F6F0365FCCF1 | 100.00% |
| Norman | Troj_Generic.KAGGB, Suspicious_Gen2.VJEQF, BlacoleRef.Z, Suspicious_Gen2.VQZCZ | 100.00% |
| McAfee Web Gateway | GenericTRA-BE!FBC207AD85D0, Artemis!59538D76EA7D, Artemis!C1DB9BDF885C, Artemis!F6F0365FCCF1 | 100.00% |
| Vba32 AntiVirus | Trojan-Downloader.Autoit.gen | 100.00% |
| CMC Antivirus | Trojan.Win32.Generic!O | 100.00% |
| VIPRE Antivirus | Trojan.Win32.Generic | 75.00% |
| IKARUS anti.virus | Virus.Win32.Dropper, Worm.Win32.AutoIt, Win32.SuspectCrc | 75.00% |
| Comodo Security | UnclassifiedMalware | 75.00% |
| Bkav FE | W32.FantimeX.Trojan | 50.00% |
| MicroWorld eScan | HEUR:Trojan-Downloader.Win32.Generic, Win32.SuspectCrc | 50.00% |
| Trend Micro House Call | TROJ_SPNR.0BDG13, HV_DORIFEL_CH160260.UVPA | 50.00% |
| Reason Heuristics | Unnamed.Threat.18 | 50.00% |
| F-Prot | W32/Undefined.Threat | 50.00% |
| Commtouch SDK | W32/GenBl.59538D76!Olympus, W32/GenBl.F6F0365F!Olympus | 50.00% |
| AVG | Worm/Autoit | 50.00% |

The domain www.malekal.com has been seen to resolve to the following IP address.

ns206195.ovh.net
February 3, 2014

File downloads found at URLs served by www.malekal.com.

0 / 68
http://www.malekal.com/.../SpyHunter-Installer.exe.zip  (cacf58cdf8dd45beeba52179678bfd5b)

12 / 68    (Malware)

12 / 68    (Malware)

12 / 68    (Malware)

15 / 68    (Malware)

The following 2 files have been seen to communicate with www.malekal.com in live environments.

URL:
http://www.malekal.com/

Google Analytics:
UA-88499

Title:
“malekal's site | site entraide informatique”

Description:
“Les Ransomwares et rançongiciels, une menace informatique, virus en augmentation.”

SSL certificate subject:
CN=www.malekal.com, OU=Gandi Standard SSL, OU=Domain Control Validated

SSL certificate issuer:
CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, S=Paris, C=FR

Web server:
nginx (PHP/5.6.13-0+deb8u1)

Facebook:
Likes:  248
Shares:  345
Comments:  136

Statistics are for the previous month.