» load.win9soft.ru
Overview
Analysis
IPs Addresses (1)
Downloads (1)
Website Detail
Related Domains (5)

load.win9soft.ru

Private Person (Proxy Registrant)

Domain Information

The domain load.win9soft.ru is registered by proxy through REGRU-REG-RIPN and was originally registered in November of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.

Registrant:

Private Person

Registrar:

REGRU-REG-RIPN

Server location:

Moscow City, Russia (RU)

Create date:

Sunday, November 25, 2012

Expires date:

Tuesday, November 25, 2014

ASN:

AS42632 MNOGOBYTE-AS MnogoByte LLC

Root domain:

win9soft.ru

Whois:

1 win9soft.ru record

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Optional.MailRu.O

100.00%

The domain load.win9soft.ru has been seen to resolve to the following IP address.

146.255.192.10

loadmoney.ru

April 25, 2014

File downloads found at URLs served by load.win9soft.ru.

1 / 68 (PUP)

http://load.win9soft.ru/get_file?sid=12650&url=aHR0cDovL2NvbnRpbmVudGFsLWRyaWZ0LnJ1L2ZpbGVzXzQ2NTYzZHQ2LnJhcg==&name=ZmlsZXNfNDY1NjNkdDYucmFy&type=YXJjaGl2ZQ==&size=ODY= (files_46563dt6.exe)

URL:

http://load.win9soft.ru/

Web server:

nginx (PHP/5.3.10)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.