home

l4ep2fiy5vhgi5a.mediasnooper.ru

Private Person  (Proxy Registrant)

Domain Information

The domain l4ep2fiy5vhgi5a.mediasnooper.ru is registered by proxy through REGRU-RU and was originally registered in April of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
REGRU-RU

Server location:
Moscow City, Russia (RU)

Create date:
Monday, April 6, 2015

Expires date:
Wednesday, April 6, 2016

ASN:
AS197695 AS-REGRU _Domain names registrar REG.RU_, Ltd, RU

Root domain:
mediasnooper.ru

Whois:
1 mediasnooper.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.InstallMonster.Samson, PUP.InstallMonster.Samson (M)
100.00%

F-Prot
W32/Trojan5.LXL
40.00%

Bkav FE
W32.HfsAdware
40.00%

Dr.Web
Trojan.InstallMonster.1222
40.00%

Malwarebytes
PUP.Optional.InstallMonster
20.00%

Avira AntiVirus
APPL/InstallMontsr.J
20.00%

G Data
Win32.Application.InstallMon
20.00%

ESET NOD32
Win32/InstallMonstr.JT potentially unwanted (variant)
20.00%

herdProtect (fuzzy)
a variant of 3af926755a344dc12fe14a4c04d88f813dde786a
20.00%

VIPRE Antivirus
Threat.4150696
20.00%

ESET NOD32
Win32/InstallMonstr.JT potentially unwanted application
20.00%

Agnitum Outpost
Trojan.InstallMonster
20.00%

AVG
BundleApp
20.00%

The domain l4ep2fiy5vhgi5a.mediasnooper.ru has been seen to resolve to the following 2 IP addresses.

194.58.56.78
April 8, 2016

5.149.254.157
May 5, 2015

File downloads found at URLs served by l4ep2fiy5vhgi5a.mediasnooper.ru.

1 / 68      (Adware)
http://l4ep2fiy5vhgi5a.mediasnooper.ru/eWZrYnRwYXN2YXZwZWJncm5seHJ0Y3sic2lkIjoiNjY3NiIsInVybCI6Imh0dHA6XC9cL2dvcGVvcGxlc3MuY29tXC9JbnN0YWxsZXIuZXhlIiwibmFtZSI6ImZpbGUuZXhlIiwidHlwZSI6ImFyY2hpdmUiLCJzaXplIjozMTQ1NzI4LCJ2ZXIiOjF9  (file.exe)

1 / 68      (Adware)
http://l4ep2fiy5vhgi5a.mediasnooper.ru/bnJmbGJ0dHNwZW5va214ZnJ1c3N2cmlmcGd7InNpZCI6IjU5MTkiLCJ1cmwiOiJodHRwczpcL1wveGFrZXB5Lm9yZ1wvZmlsZXNcL3NldHVwLnppcCIsIm5hbWUiOiJDaWZyb2xvbS5leGUiLCJ0eXBlIjoic2V0dXAiLCJzaXplIjo3MDAwLCJ2ZXIiOiIxIiwicm5kMCI6IjZhYWM3ZWQ3Yjc3MjIxNTA1NmEwZTUyNWM3MmEzNDBkIn0  (cifrolom.exe)

1 / 68      (Adware)
http://l4ep2fiy5vhgi5a.mediasnooper.ru/eyJ2ZXIiOiIxIiwic2lkIjoiNjMxOCIsInVybCI6Imh0dHA6Ly9wc2lmcmVlLmNvbS90b3JyZW50cy8zL1twc2lmcmVlLmNvbV1sZWdvLWluZGlhbmEtam9uZXMtMi50b3JyZW50XHUwMDAwIiwibmFtZSI6IkxlZ28taW5kaWFuYS1kemhvbnMtMiIsInR5cGUiOiJ0b3JyZW50Iiwic2l6ZSI6IjkyODAwIiwicm5kMCI6NjIwNDQxODM0MjA5NDh9  (lego_indiana_dzhons_2.exe)

8 / 68      (Adware)
http://l4ep2fiy5vhgi5a.mediasnooper.ru/.../file_out.php?data=UQ0xUwNKRDBbAwEKFQFVWFIPRm9ZWQRWEwwACAEJDRlKCwRbEEVCW0ACQg1QBQYKFQpNRUdbHR9DQwUBCAVPQEVDUQ1VVVITHFNfWk1dXkAPXl9RU00GAgBXAwMBBVYfe1kgYVYHfVB7S14KfHZxZAFNYUMifUJVXS9rAhJTdHYJAjNqVk4DAUheVCNKdnIxBkYEBSpBeXZVBHJ7dDJuawUES1N7AxdcRkQZQnZKARVOenoLYmNWWQFPdFYpeVN0RxZ3VGAudgFUAS0AcBJSdhZZWRFNUFsNX19eRBZcQwpQEAtDDVUDE0QIRlVvXgYbCl5bBAQBAVlKCwBbEFJCWBVKVEVDCUMKAVgbcl8TXV1VFVlKCwZUCBJSRQ1OQlITbUZVRRFQXllDCUMKBFgbARlREAtDDVoDE0cNU0RWWBBUEwwSCAQKFTVQXwBDCUMKBlQDE0cNU0RWWBBUbkEEQENZWAwbCkRbBAoSAUwIEQFVEAtDDVUDE1QOR15ERRsbCkRbAAoSZTcbCkRbAwUKFQtKbkQMU0JEaBFaQ1IEXBILVVgJCkRbBgoSWQNUVBVaQQoCB1gbQ0ISVF9cUwdLblMORV5cWANdVEVDCUMKA1gbRU4RVxILRFgOCxUIVF9cUwdLEwwSCAQKFRFQS1JDCVkKBFsKAw9YBwYLRFgIBg1DRVVSWgNKRVITcVFEUgVWQ05DCUMKBlgbARVaQQoHDUBMQlITbVlUFVlKCwNbEAUJAFYbCkRbBgoSQwtUVBVaWwoBA1AAAQJRAQUIDBEDBg1DQFVWUhBcQxVaQQoEBFgbWUMVQgofGBFVUEEAAEMeRRdKV1gNVlVCGQxcRRgHW1xVRE0KBgFQAQECA0ACQg1XCBJDQgBmWFNDCVkKBlsPBgdTAgtDDVUDE0QUUG9ZU1AbCl5bAgtDDVEDE0  (rusfolder_downloader.exe)

9 / 68      (Adware)
http://l4ep2fiy5vhgi5a.mediasnooper.ru/eGZtYnJxZW5jdmdueXBhYWpwd3l2eGN1eHlucXlidnFhdm5meyJzaWQiOiI1NTIxIiwidXJsIjoiaHR0cHM6XC9cL3hha2Vycy5vcmdcL2ZpbGVzXC9zZXR1cC56aXAiLCJuYW1lIjoiV2lDcmFjay1Qcm8uZXhlIiwidHlwZSI6InNldHVwIiwic2l6ZSI6NzAwMCwidmVyIjoiMSIsInJuZDAiOiI2Mjk2NmM5NWJhYTlkYTRjMmJhNzAyYmU0NTE1NzNhYSJ9  (wicrack_pro.exe)

URL:
http://l4ep2fiy5vhgi5a.mediasnooper.ru/

Google Analytics:
UA-55552418

Title:
“Истёк срок регистрации доменаmediasnooper.ru”

Web server:
nginx

1castrakhan.ru

3detali.ru

adobeprogramsbuy.ru

allezlelosc.ru

antisteam.ru

antivirysy.ru

armoredwarfare-aw.ru

arxofbalance.ru

avast-skachatbesplatno.ru

beautygrunt.ru

betterexcept323.ru

botherprogress.ru

boy-cook-promise.ru

brb-trade.ru

bytedrive.ru

check-live24.net

check-live24.org

checker-24.com

checkerweb.com

checkfreeupdates.net

checkupdateslive.net

concern-rabbit.ru

correctsurround.ru

data-senior.ru

dive-garden.ru

do-eic.ru

dohod-ogorod.ru

eodclan.ru

fast-mir.ru

fine-ok.ru

30 of 151 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.