home

dlt.mail.ru

MGL Mail.ru Internet Assets Limited

Domain Information

The domain dlt.mail.ru registered by MGL Mail.ru Internet Assets Limited was initially registered in September of 1997 through RU-CENTER-REG-RIPN. Currently this domain has been known to host various forms of malware. The hosted servers are located in Redwood City, California within the United States which resides on the SKYE network.
Registrar:
RU-CENTER-RU

Server location:
California, United States (US)

Create date:
Saturday, September 27, 1997

Expires date:
Saturday, October 1, 2016

ASN:
AS26008 NOMINUM-SKYE1 - SKYE

Root domain:
mail.ru

Whois:
2 mail.ru records

Scanner detections:
Malware distribution  (83% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.MailRu.DD, Win32.Generic
100.00%

The domain dlt.mail.ru has been seen to resolve to the following 3 IP addresses.

217.69.139.87
lfrd.mail.ru
March 1, 2016

94.100.180.87
lfrd.mail.ru
March 1, 2016

199.101.28.20
search.dnsassist.verizon.net
February 8, 2014

File downloads found at URLs served by dlt.mail.ru.

0 / 68
http://dlt.mail.ru/output/torrent/00/a6/ac/.../smertelnaya_gonka_3_tfile_ru.exe  (51176d127dfbd7f8ef8cd3fa955f7d19)

1 / 68      (Malware)
http://dlt.mail.ru/output/torrent/00/0f/7c/.../tfile_org_217590.exe  (9653d0e3036c79b63d50fe4a698e580e)

1 / 68      (Malware)
http://dlt.mail.ru/output/classic/00/9b/82/.../ref-25215.exe  (9598d3abcb703ae382a86fb1ec909aa3)

1 / 68      (Malware)
http://dlt.mail.ru/output/torrent/.../c5/ec/.../wargame_evropa_v_ogne_wargame_european_escalation_2012_20_12_2012_repack_ot_fenixx_skachat_igry_cherez_torrent_-_skachat_filmy_cherez_torrent.exe  (8fa76424ab9c6cd31ed2f5ec074c5cbf)

1 / 68      (Malware)
http://dlt.mail.ru/output/torrent/00/a1/83/.../zamerzshay_2012_700mb_tfile_ru_avi.exe  (d424f16b289b69194a723613a4a4a70d)

1 / 68      (PUP)
http://dlt.mail.ru/output/classic/00/d1/c9/.../movavi_video_converter_11_0_1.exe  (283ce14a2e0dbe1b7c0387e541295c94)

The following 62 files have been seen to comunicate with dlt.mail.ru in live environments.

TCP » 217.69.139.87:80
SputnikFlashPlayer.exe (SputnikFlashPlayer Module by Mail.Ru)

TCP » 217.69.139.87:80
SputnikFlashPlayer.exe (SputnikFlashPlayer Module by Mail.Ru)

TCP » 94.100.180.87:80
SputnikFlashPlayer.exe (SputnikFlashPlayer Module by Mail.Ru)

TCP » 94.100.180.87:80
SputnikFlashPlayer.exe (SputnikFlashPlayer Module)

TCP » 94.100.180.87:80
SputnikFlashPlayer.exe (SputnikFlashPlayer Module by Mail.Ru)

TCP » 199.101.28.20:80
suggestions.crx

TCP » 199.101.28.20:80
firstuse.crx

TCP » 199.101.28.20:80
google-search.crx

TCP » 199.101.28.20:80
whylogin.crx

TCP » 199.101.28.20:80
facebook.crx

TCP » 199.101.28.20:80
rss.crx

TCP » 199.101.28.20:80
viewlater.crx

TCP » 199.101.28.20:80
ntp.crx

TCP » 199.101.28.20:80
datapump.crx

TCP » 199.101.28.20:80
composer.crx

TCP » 199.101.28.20:80
app-center.crx

TCP » 199.101.28.20:80
3dayinvite.crx

TCP » 199.101.28.20:80
twitter.crx

TCP » 199.101.28.20:80
twitter.crx

TCP » 199.101.28.20:80
ntp.crx

 
Latest 20 of 67 files

URL:
http://dlt.mail.ru/

Title:
“Mail.Ru: почта, поиск в интернете, новости, игры”

Description:
“Почта Mail.Ru — крупнейшая бесплатная почта, быстрый и удобный интерфейс, неограниченный объем ящика, надежная защита от спама и вирусов, мобильная версия и приложения для смартфонов. Доступ по IMAP, SMS-уведомления, интерфейс на разных языках и ...”

SSL certificate subject:
CN=*.mail.ru, OU=IT, O=LLC Mail.Ru, L=Moscow, S=RUSSIAN FEDERATION, C=RU

SSL certificate issuer:
CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US

Web server:
nginx/1.6.2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.