home

s3.ru-minecraft.org

Kuzauchuk Vadzim

Domain Information

Currently this domain has been known to host various forms of malware. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
Instra Corporation Pty Ltd.

Server location:
Moscow City, Russia (RU)

Root domain:
ru-minecraft.org

Whois:
1 ru-minecraft.org record

Scanner detections:
Malware distribution  (80% detected)

Scan engine
Details
Detections

Dr.Web
Trojan.Hosts.4563
100.00%

AVG
Luhe.Fiha.A, Citem_c
100.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
80.00%

McAfee
Artemis!9B60FEBB0F80, Artemis!3A44CE7A043A, Artemis!3518E4FC56D4
60.00%

avast!
Win32:Malware-gen
60.00%

Trend Micro House Call
PAK_Generic.016, TROJ_GEN.R0CBH05DC14
40.00%

ESET NOD32
Win32/Qhost.PGV
40.00%

NANO AntiVirus
Trojan.Win32.Hosts.daiwpe, Trojan.Win32.Hosts.dahgfy
40.00%

Comodo Security
UnclassifiedMalware
40.00%

Sophos
Mal/Generic-S
40.00%

Avira AntiVirus
TR/Strictor.54258.1, TR/Strictor.54258.2
40.00%

IKARUS anti.virus
Win32.SuspectCrc, Win32.Malware
40.00%

Fortinet FortiGate
W32/Qhost.PGV!tr
40.00%

Baidu Antivirus
Trojan.Win32.Qhost
40.00%

Norman
OnLineGames.SPEM, Suspicious_Gen4.FYWCI
40.00%

The domain s3.ru-minecraft.org has been seen to resolve to the following IP address.

195.88.208.137
hosted-by.spheral.ru
April 15, 2016

File downloads found at URLs served by s3.ru-minecraft.org.

4 / 68      (inconclusive)
http://s3.ru-minecraft.org/.../Minecraft-1.5.2-v0.7.2.exe  (ee64e511fafe48bf76610d0d05475eb3)

8 / 68      (Malware)
http://s3.ru-minecraft.org/.../Minecraft-1.7.2-v0.7.2.exe  (3518e4fc56d41e3ce2c9e7e3d52b6181)

5 / 68      (Malware)
http://s3.ru-minecraft.org/.../Minecraft-1.7.4-v0.7.2.exe  (2d71608150a99e80050fc298903305c1)

15 / 68    (Malware)
http://s3.ru-minecraft.org/.../Minecraft-1.6.4-v0.7.1.exe  (3a44ce7a043a191ad9dde915ed2debb4)

14 / 68    (Malware)
http://s3.ru-minecraft.org/.../Minecraft-1.7.2-v0.7.1.exe  (9b60febb0f80bd9f9b3af57151007a67)

The following 9 files have been seen to comunicate with s3.ru-minecraft.org in live environments.

TCP » 195.88.208.137:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 195.88.208.137:443
uran.exe (Uran by uCoz Media and Chromium Authors)

TCP » 195.88.208.137:443
UCBrowser.exe (by UCWeb)

TCP » 195.88.208.137:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 195.88.208.137:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 195.88.208.137:443
UCBrowser.exe (by UCWeb)

TCP » 195.88.208.137:443
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 195.88.208.137:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 195.88.208.137:80
kometa.exe (Kometa by Kometa Authors)

URL:
http://s3.ru-minecraft.org/

Title:
“ , HD 2016 , LookMix.org”

Description:
“ , LookMix.org . 2016 2015 ”

Web server:
nginx

tlauncher.org

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.