home

orbitumsoftware.ru

Orbitum Software LLC

Domain Information

The domain orbitumsoftware.ru registered by Orbitum Software LLC was initially registered in June of 2015 through REGRU-RU. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Roubaix, Nord-Pas-De-Calais within France which resides on the RIPE Network Coordination Centre network.
Registrar:
REGRU-RU

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Monday, June 1, 2015

Expires date:
Thursday, June 1, 2017

ASN:
AS16276 OVH OVH SAS, FR

Whois:
1 orbitumsoftware.ru record

Scanner detections:
Detections  (92% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Orbitum.Bergariu.Installer.Meta (L), (M), Adware.Downloader.TOV.Installer.Meta (M), PUP.DLHelper, PUP.SmartIst.Installer (M), PUP.DLHelper.SmartPro.Installer (M), Adware.Bundler.TOV.Installer.Meta (M), PUP.DLHelper (M), PUP (M), Adware.Bundler.TOV (M)
97.87%

avast!
Win32:Adware-gen [Adw]
2.13%

The domain orbitumsoftware.ru has been seen to resolve to the following 4 IP addresses.

176.31.227.134
ns3032477.ip-176-31-227.eu
May 26, 2016

193.0.201.27
May 25, 2016

62.210.112.55
62-210-112-55.rev.poneytelecom.eu
May 17, 2016

37.19.5.151
May 17, 2016

File downloads found at URLs served by orbitumsoftware.ru.

1 / 68      (PUP)
http://orbitumsoftware.ru/setup.php  (setup.exe)

1 / 68      (PUP)
http://orbitumsoftware.ru/171E92C18EEE40A29D1749C505091DFC_SOPHOS_WARN_PROCEEDED_FLAG  (setup.exe)

1 / 68      (PUP)
http://orbitumsoftware.ru/.../FinalDownload/DownloadId-DAC07954C199A811316E6EB8CEE5C6B4/.../setup.php  (setup.exe)

The following 32 files have been seen to comunicate with orbitumsoftware.ru in live environments.

TCP » 37.19.5.151:80
auth-prod.crx

TCP » 37.19.5.151:80
ohcat_producation.crx

TCP » 37.19.5.151:80
ohcat_producation.crx

TCP » 37.19.5.151:80
myspeed_en.crx

TCP » 37.19.5.151:80
sidebar-prod.crx

TCP » 37.19.5.151:80
auth-prod.crx

TCP » 37.19.5.151:80
vk_theme.crx

TCP » 37.19.5.151:80
ohcat_producation.crx

TCP » 37.19.5.151:80
auth-prod.crx

TCP » 37.19.5.151:80
myspeed_en.crx

TCP » 37.19.5.151:80
sidebar-prod.crx

TCP » 37.19.5.151:80
auth-prod.crx

TCP » 37.19.5.151:80
sidebar-prod.crx

TCP » 37.19.5.151:80
auth-prod.crx

TCP » 62.210.112.55:80
myspeed_en_prod.crx

TCP » 62.210.112.55:80
ohcat_producation.crx

TCP » 62.210.112.55:80
auth-prod.crx

TCP » 62.210.112.55:80
myspeed_en_prod.crx

TCP » 62.210.112.55:80
ohcat_producation.crx

TCP » 62.210.112.55:80
myspeed_en_prod.crx

 
Latest 20 of 32 files

URL:
http://orbitumsoftware.ru/

Web server:
nginx/1.6.3 (PHP/5.4.16)

orbitum.com

orbitum.me

agentvkontakte.ru

orbitum.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.