home

roadshortway.ru

Artex Management S.A.

Domain Information

The domain roadshortway.ru registered by Artex Management S.A. was initially registered in April of 2015 through REGTIME-RU. Currently this domain has been known to host various forms of malware. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
RU-CENTER-RU

Server location:
Moscow City, Russia (RU)

Create date:
Sunday, April 12, 2015

Expires date:
Tuesday, April 12, 2016

ASN:
AS48287 RU-SERVICE-AS RU-SERVICE Ltd,RU

Whois:
2 roadshortway.ru records

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Amonitize.Installer, PUP.Amonitize.Installer, Threat.Win.Reputation.IMP, PUP.Amonitize.Installer (M), PUP.Amonitize (M)
100.00%

VIPRE Antivirus
Threat.5064197, Threat.4150696
11.11%

Lavasoft Ad-Aware
Gen:Variant.Graftor.186698, Application.Downloader.WQ
11.11%

F-Secure
Gen:Variant.Graftor.186698, Riskware.Application.Downloader.WQ
11.11%

Emsisoft Anti-Malware
Gen:Variant.Graftor.186698, Application.Downloader.WQ
11.11%

ESET NOD32
Win32/Dlhelper.E potentially unwanted application
11.11%

Dr.Web
Trojan.Zadved.80
11.11%

Kaspersky
not-a-virus:AdWare.Win32.AdLoad
11.11%

MicroWorld eScan
Gen:Variant.Graftor.186698, Application.Downloader.WQ
11.11%

K7 AntiVirus
Unwanted-Program
11.11%

Bitdefender
Gen:Variant.Graftor.186698, Application.Downloader.WQ
11.11%

NANO AntiVirus
Riskware.Win32.AdLoad.drjalh, Trojan.Win32.Zadved.dqntoj
11.11%

G Data
Gen:Variant.Graftor.186698, Application.Downloader.WQ
11.11%

AVG
Dlhelper, Potentially harmful program Downloader.FUL
11.11%

Panda Antivirus
Trj/Genetic.gen
11.11%

The domain roadshortway.ru has been seen to resolve to the following 3 IP addresses.

109.70.26.37
expirepages-kiae-1.nic.ru
April 12, 2016

194.85.61.76
expirepages-kiae-2.nic.ru
April 12, 2016

200.7.96.12
May 15, 2015

File downloads found at URLs served by roadshortway.ru.

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTIxMjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbG02NDkzLXRvcnJlbnQuZXhlOzY7NDA5NjsxOzA7  (film6493-torrent.exe)

1 / 68      (Adware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbGVTZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (filesetupe.exe)

1 / 68      (Adware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbGVTZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (filesetupe.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTIxODg7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3RvcnIwOTQ3LXRvcnJlbnQuZXhlOzY7NDA5NjsxOzA7  (torr0947-torrent.exe)

1 / 68      (Adware)
http://roadshortway.ru/266/0/0/.../MTE5NDA7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2RsaUd0YTQ2NzMuZXhlOzE7NDA5NjsxOzA7  (dligta4673.exe)

1 / 68      (Adware)
http://roadshortway.ru/266/0/0/.../MTE2NzE7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO1RvcnI4MTg3LXRvcnJlbnQuZXhlOzY7NDA5NjsxOzA7  (torr8187-torrent.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE5NDA7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2RsaUd0YTQ2NzMuZXhlOzE7NDA5NjsxOzA7  (dligta4673.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbG9hZGxlYWRlci5uZXQvTG9hZExlYWRlci5leGU7ZmlsZS1zZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (file-setupe.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE5NDA7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2RsaUd0YTQ2NzMuZXhlOzE7NDA5NjsxOzA7  (dligta4673.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1Mjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3ZzZWd0YTAuZXhlOzE7NDA5NjsxOzA7  (vsegta0.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1Mjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3ZzZWd0YTAuZXhlOzE7NDA5NjsxOzA7  (vsegta0.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1Mjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3ZzZWd0YTAuZXhlOzE7NDA5NjsxOzA7  (vsegta0.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1Mjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3ZzZWd0YTAuZXhlOzE7NDA5NjsxOzA7  (vsegta0.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1Mjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3ZzZWd0YTAuZXhlOzE7NDA5NjsxOzA7  (vsegta0.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE5NDA7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2RsaUd0YTQ2NzMuZXhlOzE7NDA5NjsxOzA7  (dligta4673.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1Mjc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO3ZzZWd0YTAuZXhlOzE7NDA5NjsxOzA7  (vsegta0.exe)

1 / 68      (Malware)
http://roadshortway.ru/159/0/0/11952/.../2  (csgo-v1.34.8.3.iso.torrent.exe)

1 / 68      (Adware)
http://roadshortway.ru/266/0/0/.../MTE2NzQ7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO1RvcnI3MTc4LXRvcnJlbnQuZXhlOzY7NDA5NjsxOzA7  (torr7178-torrent.exe)

1 / 68      (Adware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbGVTZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (filesetupe.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE1MzM7MDtodHRwOi8vbG9hZGxlYWRlci5uZXQvTG9hZExlYWRlci5leGU7dG9ycjc1Njg5LXRvcnJlbnQuZXhlOzY7NDA5NjsxOzA7  (torr75689-torrent.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE5NDA7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2RsaUd0YTQ2NzMuZXhlOzE7NDA5NjsxOzA7  (dligta4673.exe)

1 / 68      (Malware)
http://roadshortway.ru/159/0/0/11952/.../2  (torrent-1132398.torrent.exe)

1 / 68      (Malware)
http://roadshortway.ru/159/0/0/11952/.../2  (torrent-0.torrent.exe)

25 / 68    (Adware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbGVTZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (filesetupe.exe)

1 / 68      (Malware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbG9hZGxlYWRlci5uZXQvTG9hZExlYWRlci5leGU7ZmlsZS1zZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (file-setupe.exe)

24 / 68    (Adware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbGVTZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (filesetupe.exe)

18 / 68    (Adware)
http://roadshortway.ru/266/0/0/.../MTE2ODc7MDtodHRwOi8vbWF4ZG93bmxvYWRlci5jb20vTWF4RG93bmxvYWQuZXhlO2ZpbGVTZXR1cGUuZXhlOzI7NDA5NjsxOzA7  (filesetupe.exe)

The following 15 files have been seen to comunicate with roadshortway.ru in live environments.

TCP » 109.70.26.37:80
online-guardian-v2.0.9.exe

TCP » 109.70.26.37:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.26.37:80
7eda.tmp.exe

TCP » 109.70.26.37:443
client.exe (ClientWrapper)

TCP » 194.85.61.76:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 109.70.26.37:80
onlineguardian-v2.exe

TCP » 194.85.61.76:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 194.85.61.76:80
7eda.tmp.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 109.70.26.37:80
oujzmdpj.exe

TCP » 109.70.26.37:9997
svchostupdate.exe

TCP » 109.70.26.37:80
UCBrowser.exe (by UCWeb)

TCP » 194.85.61.76:443
client.exe (ClientWrapper)

TCP » 109.70.26.37:443
injector.txt (Windows by Microsoft)

TCP » 109.70.26.37:80
online-guardian-v2.exe

TCP » 109.70.26.37:80
dsjrdhmsdoen.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 194.85.61.76:80
oujzmdpj.exe

0aautix21m.ru

2-flashadobe.ru

abandon-little.ru

amgone.ru

audiobookmaker.com

avallon2013.ru

beauty-mix-probe.ru

cheapsunday.ru

cowboyscale378.ru

epubkindle.com

feed-extend.ru

file-storemy.ru

fireprog.ru

genser-auto.ru

getfile-bs.ru

getfile-prosoft-one.ru

middle-loudly979.ru

moywot.ru

needright.ru

office-skachat.ru

press-set356.ru

programmibesplatno.ru

relisting.ru

sdance.su

severalrecognize.ru

snowik.ru

softplaneta.ru

sysfilepro.ru

syspro-file.ru

tanjune.ru

30 of 37 related domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.