home

8sf9mlc6sk531gg.tyadod.ru

CORLEON GROUP LTD

Domain Information

The domain 8sf9mlc6sk531gg.tyadod.ru registered by CORLEON GROUP LTD was initially registered in July of 2014 through REGRU-REG-RIPN. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
REGRU-REG-RIPN

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Thursday, July 10, 2014

Expires date:
Friday, July 10, 2015

ASN:
AS59711 FORTUNIX-AS Fortunix Networks L.P.,GB

Root domain:
tyadod.ru

Whois:
1 tyadod.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.CORLEONGROUP.g, PUP.InstallMonster.CORLEONG (M)
100.00%

VIPRE Antivirus
Threat.4845009
33.33%

avast!
Win32:InstallMonstr-DY [PUP]
33.33%

NANO AntiVirus
Trojan.Win32.InstallMonster.dbipfy
33.33%

Avira AntiVirus
APPL/InstallMonster.Gen
33.33%

Sophos
Install Monster
33.33%

G Data
Win32.Application.Installmonstr
33.33%

Vba32 AntiVirus
BScope.Downware.InstallMonstr
33.33%

Rising Antivirus
PE:Trojan.Agentb!6.211
33.33%

Panda Antivirus
PUP/InstallMonstr
33.33%

herdProtect (fuzzy)
a variant of f084c9f3191f1cbe430c346dcf97b03e43e2636e
33.33%

The domain 8sf9mlc6sk531gg.tyadod.ru has been seen to resolve to the following IP address.

5.149.254.159
August 17, 2014

File downloads found at URLs served by 8sf9mlc6sk531gg.tyadod.ru.

1 / 68      (Adware)
http://8sf9mlc6sk531gg.tyadod.ru/.../?p=eyJuYW1lIjoiRW5kbGVzcyBMb3ZlLlt0ZmlsZS5ydV0udG9ycmVudCIsInNpZCI6MzM0MCwic2l6ZSI6MTUzNjIsInR5cGUiOiJ0b3JyZW50IiwidXJsIjoiaHR0cDovL3RmaWxlLm1lL2ZvcnVtL2Rvd25sb2FkLnBocD9pZD02NzkwNDYmdWs9MTExMTExMTExMSJ9  (endless love.[tfile.ru].exe)

1 / 68      (Adware)
http://8sf9mlc6sk531gg.tyadod.ru/get_file/?sid=23&url=http://stream.get-tune.net/listen/188208298/90649964/786742992/.../YASEMIN_YILDIZ_BENIM_ICIN_UZULME_-_SEN_BENIM_IDUN_SEVDIYUM_IDUN_NEW_2013_(get-tune.net).mp3&name=YASEMIN_YILDIZ_BENIM_ICIN_UZULME_-_SEN_BENIM_IDUN_SEVDIYUM_IDUN_NEW_2013_(get-tune.net).mp3&type=mp3&size=7221575  (yasemin_yildiz_benim_icin_uzulme_-_sen_benim_idun_sevdiyum_idun_new_2013_(get-tune.net).exe)

11 / 68    (Adware)
http://8sf9mlc6sk531gg.tyadod.ru/get_file/?sid=23&url=http://stream.get-tune.net/listen/264814071/49188604/628358135/.../FIDLAR_-_No_Waves_BTR_LS_(get-tune.net).mp3&name=FIDLAR_-_No_Waves_BTR_LS_(get-tune.net).mp3&type=mp3&size=6192227  (FIDLAR_-_No_Waves_BTR_LS_(get-tune.net).exe)

URL:
http://8sf9mlc6sk531gg.tyadod.ru/

Web server:
nginx/1.4.2 (PHP/5.4.17)

ufjiki.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.