home

avallon2013.ru

Private Person  (Proxy Registrant)

Domain Information

The domain avallon2013.ru is registered by proxy through R01-RU and was originally registered in June of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
R01-RU

Server location:
Moscow City, Russia (RU)

Create date:
Tuesday, June 25, 2013

Expires date:
Saturday, June 25, 2016

ASN:
AS48287 RU-SERVICE-AS RU-SERVICE Ltd,RU

Whois:
1 avallon2013.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Adware.Agent.PFT
100.00%

nProtect
Adware.Agent.PFT
100.00%

McAfee
Artemis!73FF527AABB7
100.00%

K7 AntiVirus
Adware
100.00%

NANO AntiVirus
Riskware.Win32.FileTour.dnmpve
100.00%

Trend Micro House Call
Suspicious_GEN.F47V0130
100.00%

avast!
Win32:Adware-gen [Adw]
100.00%

Kaspersky
UDS:DangerousObject.Multi.Generic
100.00%

Bitdefender
Adware.Agent.PFT
100.00%

Lavasoft Ad-Aware
Adware.Agent.PFT
100.00%

Emsisoft Anti-Malware
Adware.Agent.PFT
100.00%

F-Secure
Adware.Agent.PFT
100.00%

VIPRE Antivirus
Adware.Crossid
100.00%

Sophos
Generic PUA KO
100.00%

ESET NOD32
Win32/Adware.FileTour.NG (variant)
100.00%

The domain avallon2013.ru has been seen to resolve to the following 2 IP addresses.

109.70.26.37
expirepages-kiae-1.nic.ru
July 16, 2016

194.85.61.76
expirepages-kiae-2.nic.ru
July 16, 2016

File downloads found at URLs served by avallon2013.ru.

24 / 68    (PUP)
http://avallon2013.ru/777?bk2&charset=windows-1251&keyword=motorola h700 ?????????  (motorola h700 инструкция-5299311-3.exe)

The following 15 files have been seen to comunicate with avallon2013.ru in live environments.

TCP » 109.70.26.37:80
online-guardian-v2.0.9.exe

TCP » 109.70.26.37:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.26.37:80
7eda.tmp.exe

TCP » 109.70.26.37:443
client.exe (ClientWrapper)

TCP » 194.85.61.76:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 109.70.26.37:80
onlineguardian-v2.exe

TCP » 194.85.61.76:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 194.85.61.76:80
7eda.tmp.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 109.70.26.37:80
oujzmdpj.exe

TCP » 109.70.26.37:9997
svchostupdate.exe

TCP » 109.70.26.37:80
UCBrowser.exe (by UCWeb)

TCP » 194.85.61.76:443
client.exe (ClientWrapper)

TCP » 109.70.26.37:443
injector.txt (Windows by Microsoft)

TCP » 109.70.26.37:80
online-guardian-v2.exe

TCP » 109.70.26.37:80
dsjrdhmsdoen.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 194.85.61.76:80
oujzmdpj.exe

URL:
http://avallon2013.ru/

Web server:
nginx

0aautix21m.ru

2-flashadobe.ru

abandon-little.ru

amgone.ru

audiobookmaker.com

beauty-mix-probe.ru

cheapsunday.ru

cowboyscale378.ru

epubkindle.com

feed-extend.ru

file-storemy.ru

fireprog.ru

genser-auto.ru

getfile-bs.ru

getfile-prosoft-one.ru

middle-loudly979.ru

moywot.ru

needright.ru

office-skachat.ru

press-set356.ru

programmibesplatno.ru

relisting.ru

roadshortway.ru

sdance.su

severalrecognize.ru

snowik.ru

softplaneta.ru

sysfilepro.ru

syspro-file.ru

tanjune.ru

30 of 35 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.