» kapq5300u940dif.battletrek.ru
Overview
Analysis
IPs Addresses (1)
Downloads (7)
Website Detail
Related Domains (4)

kapq5300u940dif.battletrek.ru

Private Person (Proxy Registrant)

Domain Information

The domain kapq5300u940dif.battletrek.ru is registered by proxy through REGRU-REG-RIPN and was originally registered in July of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network.

Registrant:

Private Person

Registrar:

REGRU-REG-RIPN

Server location:

Noord-Holland, Netherlands (NL)

Create date:

Thursday, July 31, 2014

Expires date:

Friday, July 31, 2015

Root domain:

battletrek.ru

Whois:

1 battletrek.ru record

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.CORLEONGROUP.?, PUP.CORLEONGROUP.L, PUP.InstallMonster.CORLEONG (M)

100.00%

VIPRE Antivirus

Threat.4845009

28.57%

avast!

Win32:InstallMonstr-DY [PUP]

28.57%

NANO AntiVirus

Trojan.Win32.InstallMonster.dbipfy

28.57%

Sophos

Install Monster

28.57%

Avira AntiVirus

TR/Fraud.Gen7, APPL/InstallMonster.Gen

28.57%

G Data

Application.InstallMonster, Win32.Application.Installmonstr

28.57%

Vba32 AntiVirus

Signed-Downware.InstallMonstr, BScope.Downware.InstallMonstr

28.57%

Panda Antivirus

PUP/InstallMonstr

28.57%

herdProtect (fuzzy)

a variant of dc3983b76a155333a4fb5c5fa312612afa4c42d3, a variant of 8f1a71d31f1b2348a89057b10a72b9899d26cd67

28.57%

McAfee

Trojan.Artemis!6CE08F703E9E, Trojan.Artemis!E45C33D560A6

28.57%

Dr.Web

Trojan.InstallMonster.242

14.29%

MicroWorld eScan

Application.InstallMonster.F

14.29%

K7 AntiVirus

Unwanted-Program

14.29%

Bitdefender

Application.InstallMonster.F

14.29%

The domain kapq5300u940dif.battletrek.ru has been seen to resolve to the following IP address.

5.149.255.178

August 17, 2014

File downloads found at URLs served by kapq5300u940dif.battletrek.ru.

1 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/get_file/?sid=23&url=http://stream.get-tune.net/listen/293893239/207218192/3170746535/.../Sevil_Sevinc_-_Ezab_2014_(get-tune.net).mp3&name=Sevil_Sevinc_-_Ezab_2014_(get-tune.net).mp3&type=mp3&size=6885145 (sevil_sevinc_-_ezab_2014_(get-tune.net).exe)

1 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/get_file/?sid=23&url=http://stream.get-tune.net/listen/155238022/3768248/3170746535/.../Rehim_Rehimli_-_Yeter_(get-tune.net).mp3&name=Rehim_Rehimli_-_Yeter_(get-tune.net).mp3&type=mp3&size=8840945 (rehim_rehimli_-_yeter_(get-tune.net).exe)

1 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/get_file/?sid=25&url=http://data.iplayer.fm/file/izann8c/4782016/.../Mihail_SHifutinskij_-_Dyadya_Pasha_(iPlayer.fm).mp3&name=Mihail_SHifutinskij_-_Dyadya_Pasha_(iPlayer.fm).mp3&type=mp3&size=9264244 (mihail_shifutinskij_-_dyadya_pasha_(iplayer.fm).exe)

1 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/get_file/?sid=25&url=http://data.iplayer.fm/file/izann8c/73967384/.../Shot-Ona_takaya_odna_sukka._-_ahuennaya_pesnya_(iPlayer.fm).mp3&name=Shot-Ona_takaya_odna_sukka._-_ahuennaya_pesnya_(iPlayer.fm).mp3&type=mp3&size=5607665 ({blocked}.exe)

1 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/get_file/?sid=25&url=http://data.iplayer.fm/file/d3ylbkc/163108237/.../Byanka_-_YA_ne_otstuplyu._(iPlayer.fm).mp3&name=Byanka_-_YA_ne_otstuplyu._(iPlayer.fm).mp3&type=mp3&size=9586441 (byanka_-_ya_ne_otstuplyu._(iplayer.fm).exe)

12 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/.../?p=eyJzaWQiOiIxOTg3IiwidXJsIjoiaHR0cDpcL1wvdHVyYm9iaXQubmV0XC9kb3dubG9hZFwvcmVkaXJlY3RcL2YwMmQyOTdhNWJiYjI4ZWI5OWE1ZjBmZGJiMWNhODllXC8yc2tvdG56dXJtOWNcLyIsIm5hbWUiOiJNQUcuWDYuMTMuMC4zLjI0LnJhciIsInR5cGUiOiIiLCJzaXplIjoiMzUwNTM0MTQ0Iiwic3ViX2lkIjoiNzU2In0, (MAG.X6.13.0.3.24.exe)

22 / 68 (Adware)

http://kapq5300u940dif.battletrek.ru/get_file/?sid=23&url=http://stream.get-tune.net/listen/142174263/-18921089/1294383404/.../Christina_Perri_._A_Thousand_Years_-_MINUS_Bek_original_club18921089_(get-tune.net).mp3&name=Christina_Perri_._A_Thousand_Years_-_MINUS_Bek_original_club18921089_(get-tune.net).mp3&type=mp3&size=5992349 (christina_perri_._a_thousand_years_-_minus_bek_original_club18921089_(get-tune.net).exe)

URL:

http://kapq5300u940dif.battletrek.ru/

Web server:

nginx/1.4.2 (PHP/5.4.17)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.