home

downloadcloud.ru

Private Person  (Proxy Registrant)

Domain Information

The domain downloadcloud.ru is registered by proxy through REGRU-RU and was originally registered in September of 2014. Currently this domain has been known to host various forms of malware. The hosted server (94.228.218.215) is located in Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
REGRU-RU

Server location:
Netherlands (NL)

Create date:
Thursday, September 18, 2014

Expires date:
Sunday, September 18, 2016

ASN:
AS47869 NETROUTING-AS Netrouting,NL

Whois:
1 downloadcloud.ru record

Scanner detections:
Malware distribution  (80% detected)

Scan engine
Details
Detections

Emsisoft Anti-Malware
Trojan.GenericKD.2330605, Trojan.GenericKD.2356492, Trojan.GenericKD.2429726, Gen:Variant.Kazy.627312, Trojan.GenericKD.2483844
78.57%

MicroWorld eScan
Trojan.GenericKD.2330605, Trojan.GenericKD.2356492, Trojan.GenericKD.2429726, Gen:Variant.Kazy.627312, Trojan.GenericKD.2483844, Trojan.GenericKD.2507201, Trojan.GenericKD.2530578, Trojan.GenericKD.2655756, Trojan.GenericKD.2769475, Trojan.GenericKD.2730589, Trojan.GenericKD.2769608, Trojan.GenericKD.2794846, Trojan.GenericKD.2794907, Trojan.GenericKD.2794850, Gen:Variant.Midie.2099, Trojan.GenericKD.2869321, Trojan.GenericKD.2868371, Gen:Variant.Symmi.57814, Trojan.GenericKD.2924707, Gen:Variant.Kazy.730799
75.00%

Bitdefender
Trojan.GenericKD.2330605, Trojan.GenericKD.2356492, Trojan.GenericKD.2429726, Gen:Variant.Kazy.627312, Trojan.GenericKD.2483844
75.00%

G Data
Trojan.GenericKD.2330605, Trojan.GenericKD.2356492, Trojan.GenericKD.2429726, Gen:Variant.Kazy.627312, Trojan.GenericKD.2483844
75.00%

F-Secure
Trojan.GenericKD.2429726, Trojan.GenericKD.2483844, Trojan.GenericKD.2507201, Trojan.GenericKD.2530578, Trojan.GenericKD.2655756
60.71%

Arcabit
Trojan.Kazy.D99270, Trojan.Generic.D25E684, Trojan.Generic.D2641C1, Trojan.Generic.D269D12, Trojan.Generic.D28860C, Trojan.Generic.D2A4243
57.14%

Lavasoft Ad-Aware
Trojan.GenericKD.2429726, Gen:Variant.Kazy.627312, Trojan.GenericKD.2483844, Trojan.GenericKD.2507201, Trojan.GenericKD.2530578
50.00%

nProtect
Trojan.GenericKD.2330605, Trojan.GenericKD.2356492, Trojan.GenericKD.2429726, Trojan.GenericKD.2483844, Trojan.GenericKD.2507201
42.86%

McAfee
Artemis!3E1256020907, Artemis!3E18B250527B, Artemis!0856321C5EC8, Artemis!70473CCD27EC, Artemis!5CD5C8F1B5D7, Artemis!8A057989B9EF, Artemis!616D5A714CA4
39.29%

ESET NOD32
Win32/MediaMagnet.BO potentially unwanted (variant), Win32/MediaMagnet.CF potentially unwanted (variant), Win32/MediaMagnet.A potentially unwanted (variant)
39.29%

Fortinet FortiGate
Riskware/MediaMagnet, Adware/Agent
39.29%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Adware.Agent
35.71%

Baidu Antivirus
PUA.Win32.MediaMagnet, Trojan.Win32.Generik
28.57%

K7 AntiVirus
Trojan , Adware
25.00%

AVG
Downloader, Crypt5
25.00%

The domain downloadcloud.ru has been seen to resolve to the following 2 IP addresses.

151.80.243.158
ext1-res.coin32.com
February 10, 2016

94.228.218.215
ip4-94-228-218-215.rdns.netrouting.net
February 10, 2016

File downloads found at URLs served by downloadcloud.ru.

15 / 68    (PUP)
http://downloadcloud.ru/libs/.../c32plugin.dll  (1bedce4b9f2ae11441f4cf00f1865fa0)

27 / 68    (PUP)
http://downloadcloud.ru/uploads2/.../xx.IdealMedia21092013.exe  (nse8ab6.tmp)

11 / 68    (Malware)
http://downloadcloud.ru/libs/core/.../shystaler_sig.dll  (nStaller.dll)

6 / 68      (PUP)
http://downloadcloud.ru/libs/.../c32lib.dll  (Fb2kShellExt.dll)

12 / 68    (Malware)
http://downloadcloud.ru/libs/.../shystaler_sig.dll  (nstaller.dll)

12 / 68    (Malware)
http://downloadcloud.ru/libs/.../c_shystaler.dll  (nstaller.dll)

1 / 68      (Malware)
http://downloadcloud.ru/upload/8x/Tc/.../Bundle.exe  (9b88415ebf5991b3227c08b499c06ffb)

The following 39 files have been seen to comunicate with downloadcloud.ru in live environments.

TCP » 151.80.243.158:80
skin selector v2.1.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
163839-nissan-gtr-r35-rocket-bunny-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
184499-iron-man-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
162119-colormod-v.3-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
191550-audi-s4-brktn24-ets2.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
7245-porsche-carrera-gt-carbon-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
139556-wheels-pack-by-vitalik101-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
144597-gta-v-hud-by-dk22pac-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
112118-volkswagen-gol-g4-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
153862-arctic-beta2-map-css.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
162741-foxy-iz-five-nights-att-freddys-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
199105-ford-focus-3-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
151218-gta-v-hud-v0.925-next-gen-edition-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
196514-dodge-charger-hellcat-fs2015.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
23141-new-hd-roads-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
90575-honda-cb600f-hornet-2012-gtasa.exe (ModInstall by www.GameModding.net)

 
Latest 20 of 39 files

URL:
http://downloadcloud.ru/

Web server:
nginx

elegantsoft.ru

fastloadmedia.ru

sputnikdistr.ru

360av.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.