home

moywot.ru

Private Person  (Proxy Registrant)

Domain Information

The domain moywot.ru is registered by proxy through R01-RU and was originally registered in March of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Gunzenhausen, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
R01-RU

Server location:
Bayern, Germany (DE)

Create date:
Monday, March 25, 2013

Expires date:
Friday, March 25, 2016

ASN:
AS24940 HETZNER-AS Hetzner Online AG,DE

Whois:
1 moywot.ru record

Scanner detections:
Detections  (84% detected)

Scan engine
Details
Detections

Kaspersky
UDS:DangerousObject.Multi.Generic, not-a-virus:HEUR:Downloader.NSIS.SoftBase, not-a-virus:Downloader.NSIS.SoftBase
66.67%

ESET NOD32
Win32/Softobase.C potentially unwanted, Win32/InstallCore.CU (variant)
55.56%

Trend Micro House Call
Suspicious_GEN.F47V0220, Suspicious_GEN.F47V0327, Suspicious_GEN.F47V0319, Suspicious_GEN.F47V0128, TROJ_GEN.R021H07EL15, Suspicious_GEN.F47V0315, TROJ_GEN.R047H07DG15, Suspicious_GEN.F47V0316
40.74%

Reason Heuristics
Threat.Win.Reputation.IMP, Adware.Generic.AT (M), PUP.InstallCore.ENG (M)
37.04%

Baidu Antivirus
PUA.Win32.Softobase
37.04%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Downware.InstallCore
33.33%

Dr.Web
Adware.Downware.9858, Detection.Undefined, Adware.InstallCore.133, Adware.Downware.9855, Adware.Downware.10974, Adware.Downware.10038
29.63%

McAfee
Artemis!C0F96F8D8389, Artemis!F823C509D0A9, Artemis!B8608A909B25, Artemis!4D237E7FEAE4, Artemis!C2C9D49753D6, Artemis!B64EB63AB0AF
29.63%

Sophos
Generic PUA EH (PUA), PUA 'Softobase', Install Core Click run software, Generic PUA PH (PUA), Generic PUA II (PUA)
25.93%

avast!
Win32:Malware-gen, Win32:Rootkit-gen [Rtk], Win32:Adware-gen [Adw]
18.52%

NANO AntiVirus
Trojan.Nsis.SoftBase.dsgvph
18.52%

Panda Antivirus
Generic Suspicious, Trj/CI.A
18.52%

ESET NOD32
Win32/Softobase.C potentially unwanted application
18.52%

K7 AntiVirus
Adware , Unwanted-Program
14.81%

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
14.81%

The domain moywot.ru has been seen to resolve to the following 9 IP addresses.

194.85.61.76
expirepages-kiae-2.nic.ru
April 8, 2016

109.70.26.37
expirepages-kiae-1.nic.ru
April 8, 2016

136.243.24.33
static.33.24.243.136.clients.your-server.de
November 7, 2015

85.10.196.94
static.85-10-196-94.clients.your-server.de
May 6, 2015

85.10.200.21
85-10-200-21.clients.your-server.de
May 6, 2015

178.63.40.158
static.158.40.63.178.clients.your-server.de
May 6, 2015

46.4.69.113
static.113.69.4.46.clients.your-server.de
March 12, 2015

178.63.40.140
static.140.40.63.178.clients.your-server.de
March 12, 2015

78.46.65.182
static.182.65.46.78.clients.your-server.de
March 12, 2015

File downloads found at URLs served by moywot.ru.

3 / 68      (PUP)
http://moywot.ru/.../BurnAware_Free_Rus_Setup.exe  (2b401e9ee78d2b2c8b9514e0a6552473)

13 / 68    (PUP)
http://moywot.ru/.../MicrosoftOffice2007SP3_Rus_Setup.exe  (653d5aefaaf4aea368290ceb5c7d513e)

2 / 68      (PUP)
http://moywot.ru/.../MovaviVideoEditor_Trial_Rus_Setup.exe  (1ffd53b1e0eb630de8eb371d0c9ee366)

1 / 68      (Malware)
http://moywot.ru/.../VLC_Media_Player_Rus_Setup.exe  (2be257cc4526c0a2df0c953d314293eb)

2 / 68      (inconclusive)
http://moywot.ru/.../K-Lite_Codec_Pack_Standard.exe  (73b4757c7c0ff8b0edb5fa64098bc6fc)

8 / 68      (PUP)
http://moywot.ru/.../uTorrent_Rus_Setup.exe  (f823c509d0a9f562f214608bcbc78877)

8 / 68      (PUP)
http://moywot.ru/.../Steam_Rus_Setup.exe  (e333784f2145335c0d578a78a40ca0ce)

0 / 68
http://moywot.ru/.../Realtek_HD_Audio_Vista_Win7_Win8_32bit-64bit.exe  (3ec401e3fcf3cd886efc30bc23fcab8c)

1 / 68      (Malware)
http://moywot.ru/.../ABBYYFineReaderProfessionalEdition_Trial_Rus_Setup.exe  (27c8b3e0c0bf2144dab946878885cdb7)

12 / 68    (PUP)
http://moywot.ru/.../Mp3DirectCut_Setup.exe  (bf8708bde18a3c65ae59d3157f138229)

1 / 68      (Malware)
http://moywot.ru/.../Java_Runtime_Environment_x32.exe  (12dc9af3ff62fddcc88dc7f73bd173b6)

0 / 68
http://moywot.ru/wp-content/uploads/2013/.../wot_JovesModPack_0.8.9_v8.0.exe  (534705710e8752169de00128b7a442a6)

4 / 68      (PUP)
http://moywot.ru/.../AIMP_Rus_Setup.exe  (2a914a001cc6be929aafda776f55f8c3)

6 / 68      (PUP)
http://moywot.ru/.../SamsungKies_Rus_Setup.exe  (3000a01c0f2d5b590efdd38a2bef8856)

7 / 68      (PUP)
http://moywot.ru/.../TeamSpeak_x32_Setup.exe  (5ebf6f7c64e7f44f90e57b415e9881c2)

7 / 68      (PUP)
http://moywot.ru/.../Avast_Free_Antivirus_Rus_Setup.exe  (c2c9d49753d6b0ce86cd08126f362db2)

2 / 68      (Malware)
http://moywot.ru/.../Download_Master_Rus_Setup.exe  (cf43e86474f06b113827d119c94ec3fd)

3 / 68      (Malware)
http://moywot.ru/.../MyPhoneExplorer_Rus_Setup.exe  (bfc2889ba7b5d1db7899f7c12781727e)

0 / 68
http://moywot.ru/.../Directx_9.10.11.exe  (7061e89308b96d1352e66d88649b32e0)

2 / 68      (PUP)
http://moywot.ru/.../Avast_Free_Antivirus_Rus_Setup.exe  (d60c680e7697771ae8ed2bec2325c805)

3 / 68      (Malware)
http://moywot.ru/.../Zona_Russian_Setup.exe  (584d72ecd69f592c76e3f9153ee2c717)

The following 22 files have been seen to comunicate with moywot.ru in live environments.

TCP » 109.70.26.37:80
online-guardian-v2.0.9.exe

TCP » 109.70.26.37:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.10.196.94:80
SoftobaseUpdater_2.0.exe (Softobase Updater)

TCP » 109.70.26.37:80
7eda.tmp.exe

TCP » 178.63.40.158:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 85.10.196.94:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.26.37:443
client.exe (ClientWrapper)

TCP » 194.85.61.76:80
ContentFinder.exe (ContentFinder by ContentFinder Company)

TCP » 109.70.26.37:80
onlineguardian-v2.exe

TCP » 194.85.61.76:443
Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

TCP » 194.85.61.76:80
7eda.tmp.exe

TCP » 109.70.26.37:993
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 109.70.26.37:80
oujzmdpj.exe

TCP » 109.70.26.37:9997
svchostupdate.exe

TCP » 109.70.26.37:80
UCBrowser.exe (by UCWeb)

TCP » 194.85.61.76:443
client.exe (ClientWrapper)

TCP » 85.10.196.94:80
installpack.exe

TCP » 85.10.200.21:80
directx_9.10.11.exe

TCP » 85.10.200.21:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.26.37:443
injector.txt (Windows by Microsoft)

 
Latest 20 of 29 files

URL:
http://moywot.ru/

Title:
“MoyWOT.ru - все для World of Tanks”

Description:
“Моды и прицелы для World of Tanks - cкины, шкурки, зоны пробития, xvm оленеметр для wot.”

Web server:
nginx/1.8.0

Facebook:
Shares:  2

Statistics above are for the previous month of April 2024.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.