home

skesste.h19.ru

Private Person  (Proxy Registrant)

Domain Information

The domain skesste.h19.ru is registered by proxy through SALENAMES-RU and was originally registered in October of 2004. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Moscow, Moscow City within Russia which resides on the RIPE Network Coordination Centre network.
Registrar:
SALENAMES-RU

Server location:
Moscow City, Russia (RU)

Create date:
Monday, October 11, 2004

Expires date:
Tuesday, October 11, 2016

ASN:
AS43146 AGAVA3 Agava Ltd., RU

Root domain:
h19.ru

Whois:
1 h19.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Gen:Variant.Barys.5274
100.00%

McAfee
Artemis!DAEEB94F412B
100.00%

Malwarebytes
PUP.SmsPay
100.00%

K7 AntiVirus
Riskware
100.00%

F-Prot
W32/Delf.CW.gen
100.00%

Norman
Suspicious_Gen5.IOYS
100.00%

Trend Micro House Call
TROJ_GEN.RCBB1AR
100.00%

avast!
Win32:Malware-gen
100.00%

Bitdefender
Gen:Variant.Barys.5274
100.00%

Agnitum Outpost
Hoax.ArchSMS
100.00%

Sophos
Generic PUA CB
100.00%

Comodo Security
ApplicUnwnt.Win32.Hoax.ArchSMS.SLF
100.00%

F-Secure
Gen:Variant.Barys.5274
100.00%

Dr.Web
Trojan.SMSSend.3878
100.00%

VIPRE Antivirus
Trojan.Win32.Generic
100.00%

The domain skesste.h19.ru has been seen to resolve to the following IP address.

89.108.91.183
double6.holm.ru
May 16, 2016

File downloads found at URLs served by skesste.h19.ru.

24 / 68    (PUP)
http://skesste.h19.ru/Skype5.5.exe  (daeeb94f412b1e7cf9c7cb1afed9e967)

URL:
http://skesste.h19.ru/

Web server:
nginx/0.7.62

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.