home

www.liderancacobrancas.ru

Private Person  (Proxy Registrant)

Domain Information

The domain www.liderancacobrancas.ru is registered by proxy through RU-CENTER-RU and was originally registered in December of 2015. Currently this domain has been known to host various forms of malware. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
RU-CENTER-RU

Server location:
Moscow City, Russia (RU)

Create date:
Tuesday, December 1, 2015

Expires date:
Thursday, December 1, 2016

ASN:
AS20655 E-STYLEISP-AS e-Style ISP LLC,RU

Root domain:
liderancacobrancas.ru

Whois:
1 liderancacobrancas.ru record

Scanner detections:
Malware distribution  (83% detected)

Scan engine
Details
Detections

MicroWorld eScan
Trojan.Agent.BORX, Gen:Variant.Kazy.777780, Gen:Variant.Adware.Barys.2182, Gen:Variant.Strictor.101116, Trojan.Downloader.JSMO
100.00%

Bitdefender
Trojan.Agent.BORX, Gen:Variant.Kazy.777780, Gen:Variant.Adware.Barys.2182, Gen:Variant.Strictor.101116, Trojan.Downloader.JSMO
100.00%

Lavasoft Ad-Aware
Trojan.Agent.BORX, Gen:Variant.Kazy.777780, Gen:Variant.Adware.Barys.2182, Gen:Variant.Strictor.101116, Trojan.Downloader.JSMO
100.00%

F-Secure
Trojan.Agent.BORX, Gen:Variant.Kazy.777780, Gen:Variant.Adware.Barys, Gen:Variant.Strictor.101116, Trojan.Downloader.JSMO
100.00%

Emsisoft Anti-Malware
Trojan.Agent.BORX, Gen:Variant.Kazy.777780, Gen:Variant.Adware.Barys.2182, Gen:Variant.Strictor.101116, Trojan.Downloader.JSMO
100.00%

ESET NOD32
MSIL/TrojanDownloader.Agent.BGK (variant), Generik.NNSRMBN (variant)
100.00%

Arcabit
Trojan.Agent.BORX, Trojan.Kazy.DBDE34, Trojan.Strictor.D18AFC, Trojan.Downloader.JSMO
80.00%

Avira AntiVirus
TR/Dropper.MSIL.231988, TR/Dropper.MSIL.231997, TR/Dropper.MSIL.190639, TR/Dropper.MSIL.234116
80.00%

G Data
Trojan.Agent.BORX, Gen:Variant.Kazy.777780, Gen:Variant.Adware.Barys.2182, Gen:Variant.Strictor.101116
80.00%

Baidu Antivirus
Trojan.Win32.Generik, Trojan.MSIL.Agent
80.00%

Malwarebytes
Trojan.Dropper.FSHRD
60.00%

NANO AntiVirus
Trojan.Win32.Agent.dyzusp, Trojan.Win32.Agent.dyzunl, Trojan.Win32.Agent.dzdzte
60.00%

Kaspersky
UDS:DangerousObject.Multi.Generic
60.00%

VIPRE Antivirus
Trojan.Win32.Generic
60.00%

Panda Antivirus
Trj/CI.A, Trj/GdSda.A
60.00%

The domain www.liderancacobrancas.ru has been seen to resolve to the following 2 IP addresses.

192.64.147.142
192.64.147.142.voodoo.com
April 15, 2016

217.174.100.233
217-174-100-233.e-styleisp.ru
January 30, 2016

File downloads found at URLs served by www.liderancacobrancas.ru.

9 / 68      (PUP)
http://www.liderancacobrancas.ru/cobranca.php?cliente=xEkk6nmCHCQkwLJJVTlf2VNyqlx5BcNj  (cobranca-pdf1640896917.exe)

11 / 68    (Malware)
http://www.liderancacobrancas.ru/cobranca.php?cliente=zVfN3ZpbE0RRPfCWnD0Y9W7zq7Gtyzdi  (cobranca-pdf1411152997.exe)

0 / 68
http://www.liderancacobrancas.ru/cobranca.php?cliente=XhpfL0sNh1HrvO2LmD0in31kVzv4p9Ve-ATHOSADVOGADO  (cobranca-pdf987445211.exe)

20 / 68    (Malware)
http://www.liderancacobrancas.ru/cobranca.php?cliente=91OwlKjrsnKVZNuSMcrGSbbJQ37o2ogI  (cobranca-pdf673715698.exe)

23 / 68    (Malware)
http://www.liderancacobrancas.ru/cobranca.php?cliente=8BWZnt6Piy3em4V3nSBgpW6SdtTLoyyj  (liderancacobrancaapjc0f6ajjavwls-pdf.exe)

21 / 68    (Malware)
http://www.liderancacobrancas.ru/cobranca.php?cliente=0ACgooDjwm0NY5gktm7XcM5QwzG2ZxSo  (liderancacobrancacnpaac8edzsgxjz-pdf.exe)

URL:
http://www.liderancacobrancas.ru/

Web server:
Apache (PHP/5.3.8)

cobfinanceira.com

cobrance.ru

ecocobrancas.ru

entregaregistrada.ru

leadershipcobrancas.ru

regularizecobrancas.ru

silvacobrancas.ru

whatsappbr.org

xvidcodec.org

cobraqui.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.