home

bg5nvzg8xv9olgo.fetji.ru

CORLEON GROUP LTD

Domain Information

The domain bg5nvzg8xv9olgo.fetji.ru registered by CORLEON GROUP LTD was initially registered in June of 2014 through REGRU-REG-RIPN. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
REGRU-REG-RIPN

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Tuesday, June 3, 2014

Expires date:
Wednesday, June 3, 2015

ASN:
AS5580 HIBERNIA TripartZ B.V.,NL

Root domain:
fetji.ru

Whois:
1 fetji.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.CORLEONGROUP.AA, PUP.InstallMonster.CORLEONG (M)
100.00%

avast!
Win32:InstallMonstr-DY [PUP]
50.00%

Kaspersky
UDS:DangerousObject.Multi.Generic
50.00%

F-Secure
Trojan.Generic.12391921
50.00%

Dr.Web
Trojan.InstallMonster.242
50.00%

VIPRE Antivirus
Adware.Win32.Installpath.a
50.00%

Emsisoft Anti-Malware
Trojan.Generic.12391921
50.00%

Avira AntiVirus
APPL/InstallMonst.QA
50.00%

ESET NOD32
Win32/InstallMonstr.EO potentially unwanted (variant)
50.00%

The domain bg5nvzg8xv9olgo.fetji.ru has been seen to resolve to the following IP address.

5.149.254.189
June 20, 2014

File downloads found at URLs served by bg5nvzg8xv9olgo.fetji.ru.

1 / 68      (Adware)
http://bg5nvzg8xv9olgo.fetji.ru/get_file/?sid=23&url=http://stream.get-tune.net/listen/163865955/5889629/1307866989/.../dato_kenchiashvili_udzlieresi_simgera_-_ramdeni_malodine..._(get-tune.net).mp3&name=dato_kenchiashvili_udzlieresi_simgera_-_ramdeni_malodine..._(get-tune.net).mp3&type=mp3&size=6524223  (dato_kenchiashvili_udzlieresi_simgera_-_ramdeni_malodine..._(get-tune.net).exe)

9 / 68      (Adware)
http://bg5nvzg8xv9olgo.fetji.ru/.../?p=eyJuYW1lIjoiVmlraW5nIFNhZ2EgRXBpYyBBZHZlbnR1cmUudG9ycmVudCIsInNpZCI6MzM0MCwic2l6ZSI6MTI5ODksInR5cGUiOiJ0b3JyZW50IiwidXJsIjoiaHR0cDovL3RmaWxlLm1lL2ZvcnVtL2Rvd25sb2FkLnBocD9pZD02NzMzMTgmdWs9MTExMTExMTExMSJ9  (viking saga epic adventure.exe)

URL:
http://bg5nvzg8xv9olgo.fetji.ru/

Web server:
nginx/1.4.2 (PHP/5.4.17)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.