www.truygulama.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain www.truygulama.com is registered by proxy through FBS INC. and was originally registered in October 2012. Currently, this domain is known to host various forms of malware. Its servers are located in Belfast, Northern Ireland, United Kingdom, on the RIPE Network Coordination Centre network.
Registrar:
FBS INC.

Server location:
Northern Ireland, United Kingdom (GB)

Create date:
Friday, October 19, 2012

Expires date:
Sunday, October 19, 2014

Updated date:
Friday, February 14, 2014

Root domain:

Scanner detections:
Malware distribution  (75% detected)

Scan engine
Details
Detections

Malwarebytes
Trojan.Agent.AI
100.00%

Fortinet FortiGate
W32/Zbot.ALG!tr, W32/Scar.HOEI!tr, W32/Agent.U!tr
100.00%

Qihoo 360 Security
Malware.QVM06.Gen, Malware.QVM11.Gen, HEUR/Malware.QVM06.Gen
75.00%

Quick Heal
(Suspicious) - DNAScan, TrojanPWS.AutoIt.Zbot.D
75.00%

McAfee Web Gateway
Heuristic.LooksLike.Win32.Suspicious.C!81, Artemis!4317A6BB033B, BehavesLike.Win32.Backdoor.tc
75.00%

Microsoft Security Essentials
Trojan:Win32/Cutolomo.A, Trojan:Win32/Malagent, Trojan:Win32/Malagent!gmb
75.00%

MicroWorld eScan
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.56278
75.00%

McAfee
RDN/Generic.dx!cgw, Artemis!4317A6BB033B, Artemis!629407001E99
75.00%

avast!
Win32:Malware-gen, Win32:Dropper-gen [Drp]
75.00%

Kaspersky
Trojan.Win32.Scar, Backdoor.Win32.Androm, Trojan.Win32.Autoit
75.00%

Bitdefender
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.56278
75.00%

F-Secure
Trojan.GenericKDV.1038120, Trojan.GenericKD.1613667, Gen:Variant.Strictor.52721
75.00%

Dr.Web
Trojan.AVKill.31251, Trojan.Inject1.40249, Trojan.Inject1.41704
75.00%

VIPRE Antivirus
Trojan.Win32.Generic
75.00%

Avira AntiVirus
TR/Kilim.A.12, TR/Drop.Autoit.aio.41, TR/Malagent.A.22938
75.00%

The domain www.truygulama.com has been seen to resolve to the following 3 IP addresses.

lb-182-241.above.com
June 6, 2016

unallocated.barefruit.co.uk
May 2, 2015

dns1.pitikareweb.net
March 1, 2014

File downloads found at URLs served by www.truygulama.com.

34 / 68    (Malware)
http://www.truygulama.com/fle2.php  (install_flashplayer12x32_x64mssd_aaa_aih.exe)

3 / 68      (inconclusive)
http://www.truygulama.com/fla2.php  (install_flashplayer11x32_mssd_aih.exe)

32 / 68    (Malware)
http://www.truygulama.com/wl2.php  (smart hd player installer.exe)

30 / 68    (Malware)
http://www.truygulama.com/fls2.php  (install_flashplayer12x32_x64mssd_aaa_aih.exe)

3 / 68      (inconclusive)
http://www.truygulama.com/flc2.php  (install_flashplayer11x32_mssd_aih.exe)

The following 242 files have been seen to communicate with www.truygulama.com in live environments.

 
Latest 20 of 242 files

URL:
http://www.truygulama.com/

Web server:
nginx (PleskLin)

Alexa:
Global rank:  77,434
Backlinks:  13

Compete.com:
US visitors:  29,108

Statistics are for the previous month (Alexa statistics are for the entire truygulama.com domain).