home

m.cn94857395.com

cg.sp47374@gmail.com

Domain Information

The domain m.cn94857395.com registered by cg.sp47374@gmail.com was initially registered in January of 2015 through TODAYNIC.COM, INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Saint Petersburg, Saint Petersburg City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
TODAYNIC.COM, INC.

Server location:
Saint Petersburg City, Russia (RU)

Create date:
Tuesday, January 13, 2015

Expires date:
Friday, January 13, 2017

Updated date:
Thursday, November 26, 2015

ASN:
AS44050 PIN-AS Petersburg Internet Network ltd.,RU

Root domain:
cn94857395.com

Whois:
1 cn94857395.com record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Bkav FE
HW64.Paked, W64.HfsAutoA
100.00%

McAfee
Artemis!EEDB9D86AE8A, Artemis!9D8F08C4F840
100.00%

Agnitum Outpost
Trojan.CoinMiner
100.00%

Trend Micro House Call
TROJ_GEN.R0CBH05I314, TROJ_GEN.R08NC0RE615
100.00%

Comodo Security
UnclassifiedMalware
100.00%

ESET NOD32
Win64/CoinMiner.J trojan, Win64/CoinMiner.X trojan
100.00%

IKARUS anti.virus
Trojan.Win64.CoinMiner
100.00%

AVG
Skodna.BitCoinMiner, Atros
100.00%

Baidu Antivirus
Hacktool.Win32.Bitcoinminer, Hacktool.Win64.BitCoinMiner
100.00%

VIPRE Antivirus
Threat.4150696
100.00%

F-Secure
Trojan:W32/BitCoinMiner.G, Trojan.Generic.13166951
100.00%

F-Prot
W64/BitCoinMiner.E
100.00%

Kaspersky
not-a-virus:RiskTool.Win64.BitCoinMiner
100.00%

Emsisoft Anti-Malware
Application.Bitcoinminer.HH, Trojan.Generic.13166951
100.00%

Rising Antivirus
PE:Trojan.Win32.Generic.1724D5DA!388290010
50.00%

The domain m.cn94857395.com has been seen to resolve to the following IP address.

146.185.234.88
March 3, 2016

File downloads found at URLs served by m.cn94857395.com.

22 / 68    (Malware)
http://m.cn94857395.com/foo/iiiH_5IMG9BMjoivc4JBVA/1464706952/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/JXrYTmsXYzcaJHk6hI_gOg/1464706952/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/jqXLuzDROuW3nG9FEfrW7Q/1467992988/.../svchost.exe  (colhost.exe)

22 / 68    (Malware)
http://m.cn94857395.com/foo/wU2aTe0oDkLWcByeD2G11A/1464856157/.../svchost.exe  (colhost.exe)

22 / 68    (Malware)
http://m.cn94857395.com/foo/zv6lENa9dmK_lCfms2q0IQ/1457836635/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/J7_J4FYg4WIYHiZakmmA5Q/1457836635/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/JUNn2BepawLvzk5fywPycg/1456560993/.../svchost.exe  (colhost.exe)

22 / 68    (Malware)
http://m.cn94857395.com/foo/-sLcyUfHAl9Klv4P6JpBbQ/1451579740/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/MuyNJkgG_p0MAODLW4RqNA/1451579740/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/taw5rFemDKx7kxIVViKAbw/1453051237/.../svchost.exe  (colhost.exe)

22 / 68    (Malware)
http://m.cn94857395.com/foo/F7ERS2XsT9e6vRwaemQZfA/1456751810/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/__0JguQRTzg_MVtxF2o2WQ/1456751810/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/hSAG-sPwBFi77-wIzskw-A/1457531254/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/RWuMAK4ov7Q7n_9eP5I4fQ/1457531254/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/WhtqQ-B10s0ZY6n_StdaKw/1454764107/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/PB0jVs3lBa4IuRaAxKy5FQ/1454764107/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

23 / 68    (Malware)
http://m.cn94857395.com/foo/tUDx83G9tuLn-neDfO-X5Q/1439926346/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/v-jO8RnNHcO0552GdbbOiA/1439926379/.../svchost.exe  (colhost.exe)

22 / 68    (Malware)
http://m.cn94857395.com/foo/xXG7P0iH7OE947FnuIlS3A/1452434951/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/MIwz2HOLcWPZWHRTL8pAWw/1452434951/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/EszqmU66zOLDkicSI-FFpQ/1456696586/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/eW1V4WbNbmY2uIusVtujkQ/1456696586/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/778X8m2XQOXwex1-NEh6vQ/1454924291/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/WWTMipubGDUOJc2WNq8rWA/1454924291/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

22 / 68    (Malware)
http://m.cn94857395.com/foo/Lj0R5okwXVxU_UUBtZWd5w/1437935768/.../svchost.exe  (colhost.exe)

23 / 68    (Malware)
http://m.cn94857395.com/foo/Do-FAlljXQnHf04HKkcPUA/1437935768/.../lsass.exe  (9d8f08c4f8401a6a7651065068b2d9e3)

URL:
http://m.cn94857395.com/

Web server:
nginx/1.2.1 (PHP/5.4.41-0+deb7u1)

003a63aa0b2e193ef81111bc8c0b56c3.com

0839f88ae61efaa3e91fdf5b732b242f.com

1h2ccnmjclickb6qdybkrszrgjfkar7gv22.com

9846f2d7e24272f38e6f66bf0ff8d7cf.com

icolor19495344.com

skype4885758.com

sony4gamesman.com

xxxl84675900374.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.