download.megagrabber.ru

Private Person  (Proxy Registrant)

Domain Information

The domain download.megagrabber.ru is registered by proxy through REGGI-RU and was originally registered in March of 2013. This domain is known to have hosted various forms of malware. The hosting servers are located in Saint Petersburg, Saint Petersburg City, Russia, on the RIPE Network Coordination Centre network.

Registrar:
REGGI-RU

Server location:
Saint Petersburg City, Russia (RU)

Create date:
Tuesday, March 19, 2013

Expires date:
Saturday, March 19, 2016

ASN:
AS5537 RU-CENTER-AS JSC _RU-CENTER_,RU

Root domain:

Scanner detections:
Malware distribution  (100% detected)

Scan engine: Reason Heuristics
Details: PUP.Installer.iTVA.R, Threat.Win.Reputation.IMP
Detections: 100.00%

Scan engine: AVG
Details: (none)
Detections: 50.00%

The domain download.megagrabber.ru has been seen to resolve to the following 2 IP addresses.

redirection.reggi.ru
April 5, 2016

March 4, 2016

File downloads found at URLs served by download.megagrabber.ru.

2 / 68      (PUP)
http://download.megagrabber.ru/MegaGrabber_Setup.exe  (f2097ef49b6409ba5cc2d02b04f0f317)

1 / 68      (Malware)
http://download.megagrabber.ru/MegaGrabber_Setup.exe  (9524a5622a18414479d4dd88e4bdcff4)

The following files have been seen to communicate with download.megagrabber.ru in live environments.

URL:
http://download.megagrabber.ru/

Web server:
nginx/1.1.19