e6eewe384gns8ug.neyd.ru
CORLEON GROUP LTD
Domain Information
The domain e6eewe384gns8ug.neyd.ru, registered by CORLEON GROUP LTD, was first registered in July 2014 through REGRU-REG-RIPN. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its servers are located in Amsterdam, Noord-Holland, in the Netherlands, on the RIPE Network Coordination Centre network.
Registrant: CORLEON GROUP LTD
Server location: Noord-Holland, Netherlands (NL)
Create date: Thursday, July 3, 2014
Expires date: Friday, July 3, 2015
ASN: AS59711 FORTUNIX-AS Fortunix Networks L.P.,GB
Scanner detections:
Detections (100% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.CORLEONGROUP.u, Threat.Win.Reputation.IMP, PUP.InstallMonster.CORLEONG (M) | 100.00%
avast! | Win32:InstallMonstr-DY [PUP] | 40.00%
VIPRE Antivirus | Threat.4845009 | 40.00%
Sophos | Install Monster | 40.00%
Avira AntiVirus | APPL/InstallMonster.Gen | 40.00%
G Data | Gen:Variant.Graftor.148912, Win32.Application.Installmonstr | 40.00%
Vba32 AntiVirus | AdWare.InstallMonster, BScope.Downware.InstallMonstr | 40.00%
Panda Antivirus | PUP/InstallMonstr | 40.00%
herdProtect (fuzzy) | a variant of d4896ab0a13fb3090a03cec463a17b809e81ddf6, a variant of 8f1a71d31f1b2348a89057b10a72b9899d26cd67 | 40.00%
Dr.Web | Trojan.InstallMonster.242 | 20.00%
ESET NOD32 | Win32/InstallMonstr.EW potentially unwanted application | 20.00%
MicroWorld eScan | Gen:Variant.Graftor.148912 | 20.00%
Agnitum Outpost | Riskware.Agent | 20.00%
Bitdefender | Gen:Variant.Graftor.148912 | 20.00%
Comodo Security | Application.Win32.InstallMonster.EA | 20.00%
The domain e6eewe384gns8ug.neyd.ru has been seen to resolve to the following IP address.
File downloads found at URLs served by e6eewe384gns8ug.neyd.ru.
URL: http://e6eewe384gns8ug.neyd.ru/
Web server: nginx/1.4.2 (PHP/5.4.17)