home

li.ru

Ventail Limited

Domain Information

The domain li.ru registered by Ventail Limited was initially registered in March of 2000 through RU-CENTER-REG-RIPN. Currently this domain has been known to host various forms of malware. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
RU-CENTER-RU

Server location:
Moscow City, Russia (RU)

Create date:
Thursday, March 16, 2000

Expires date:
Saturday, April 1, 2017

ASN:
AS39134 UNITEDNET United Network LLC

Whois:
5 li.ru records

Scanner detections:
Malware distribution  (61% detected)

Scan engine
Details
Detections

Reason Heuristics
Optional.MediaGetApp.Installer.X, PUP.MediaGet.Banner.Installer (M), PUP.MediaGet.Inbox.Installer (M), PUP.InstallMonster.CORLEONG (M), Win32.Generic, PUP.NewMedia.NMH.Bundler (M), PUP.MailRu (L)
96.77%

Malwarebytes
PUP.Adware.MediaGet, PUP.Optional.MediaGet
12.90%

Kaspersky
not-a-virus:Downloader.Win32.MediaGet, not-a-virus:HEUR:Downloader.Win32.MediaGet
12.90%

Dr.Web
Program.MediaGet.21, Adware.Downware.9040, Program.MediaGet.133
12.90%

Sophos
MediaGet, MediaGet (PUA)
12.90%

G Data
Win32.Adware.MediaGet
12.90%

ESET NOD32
Win32/MediaGet.AE (variant), Win32/MediaGet.AF (variant), Win32/MediaGet.AE potentially unwanted (variant)
12.90%

AVG
Banne
12.90%

Avira AntiVirus
APPL/MediaGet.Gen5
6.45%

Bkav FE
W32.HfsAdware
6.45%

K7 AntiVirus
Unwanted-Program
6.45%

Comodo Security
Application.Win32.MediaGet.G
6.45%

Baidu Antivirus
Adware.Win32.MediaGet
6.45%

Trend Micro House Call
HV_ZYX_BL132900.TOMC
3.23%

Emsisoft Anti-Malware
Gen:Variant.Strictor.46875
3.23%

The domain li.ru has been seen to resolve to the following 4 IP addresses.

88.212.202.35
host135.rax.ru
May 28, 2016

88.212.202.38
host138.rax.ru
May 28, 2016

88.212.196.88
host48.rax.ru
February 16, 2014

88.212.196.87
host47.rax.ru
February 16, 2014

File downloads found at URLs served by li.ru.

1 / 68      (Malware)
http://li.ru/.../amigo_setup.exe  (18a3bf9586f9ad989e0f90d4d0defe02)

0 / 68
http://li.ru/.../go.php?sid=28  (powerpoint-setup.exe)

1 / 68      (PUP)
http://li.ru/.../torr.php?b&r=allking.ru  (mediaget_id2529599ids2s.exe)

1 / 68      (PUP)
http://li.ru/.../mediaget.exe  (outlast-full-turkce-indir_id2959289ids2s.exe)

0 / 68
http://li.ru/.../BitTorrent.exe  (96015c913f4638c44c23aaeb89c81518)

0 / 68
http://li.ru/.../go.php?sid=69  (gta-san-andreas-setup.exe)

0 / 68
http://li.ru/go?getfirefox.yandex.ru/.../FirefoxSetup.exe  (63b29b203de5d7a19771eaf98e92859f)

1 / 68      (PUP)
http://li.ru/.../uTorrent-klient.php  (mediaget_id3993269ids1s.exe)

9 / 68      (PUP)
http://li.ru/.../torr.php?r=hotcharts.ru  (mediaget_id535578ids2s.exe)

1 / 68      (Adware)
http://li.ru/.../uTorrent.php  (utorrent.exe)

0 / 68
http://li.ru/.../uTorrent.exe  (d0278fa8947ed54a112893f71917f46a)

0 / 68
http://li.ru/go?http://soft-b.ru/go.php?url=http://soft-b.ru/.../  (adguardinstaller.exe)

1 / 68      (PUP)
http://li.ru/go?sub2.admitlead.ru/sb/clk/s/471/h/1df76e/o/471/sub/utorrent?a=1&auto=1&f=uTorrent&fu=http://download-new.utorrent.com/endpoint/utorrent/os/windows/track/.../  (mediaget_id3993269ids1s.exe)

0 / 68
http://li.ru/.../go.php?sid=47  (sims3-setup.exe)

1 / 68      (Adware)
http://li.ru/.../adguardInstaller.exe  (2aad2f6ad17c15587c4fb36652705e49)

3 / 68
http://li.ru/go?utorrent-russian.com/.../uTorrent-3.2.1.exe  (utorrent 3.2.1.exe)

1 / 68      (PUP)
http://li.ru/.../mediaget.php  (mediaget_id3638348ids2s.exe)

0 / 68
http://li.ru/go?www.3dnews.ru/files/pub/soft/internet/.../Chrome_43.0.2357.81.exe  (57d008eb9b34e29980e9544ffd9257d2)

1 / 68      (PUP)
http://li.ru/go?sub2.admitlead.ru/sb/clk/s/1128/h/3957bf/o/471/.../0?a=1  (mediaget_id3997002ids1s.exe)

0 / 68
http://li.ru/go?www.3dnews.ru/files/pub/soft/sec_adm/.../eav_nt64_9.0.375.0.exe  (eav_nt64_enu.exe)

0 / 68
http://li.ru/go?www.3dnews.ru/files/pub/soft/multimedia/.../aimp_4.00.1697.exe  (ws1b311e40.dat)

0 / 68
http://li.ru/.../go.php?sid=28  (powerpoint-setup.exe)

0 / 68
http://li.ru/go?www.softdoska.ru/download/.../Alcohol120_trial_2.0.3.6731.exe  (alcohol120_trial_2.0.3.6731_562f81fdf33a04d4c2c8b2a260e5e1aa.exe)

0 / 68
http://li.ru/go?http://oneprog.ru/.../DirectXwebsetup.exe  (dxwebsetup.exe)

The following 5 files have been seen to comunicate with li.ru in live environments.

TCP » 88.212.202.38:80
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 88.212.202.35:80
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 88.212.202.35:80
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 88.212.202.35:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 88.212.202.38:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 88.212.196.87:80
online-guardian-v2.0.9.exe

TCP » 88.212.202.38:80
SafeSurf.exe (SafeSurf by JetSwap)

URL:
http://li.ru/

Title:
“Мобильный LiveInternet”

Web server:
0W/0.8e

Facebook:
Likes:  55
Shares:  41
Comments:  55

Statistics above are for the previous month of October 2024.

liveinternet.ru

www.li.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.