Domain > avp-mech.ru

More information on this domain is in AlienVault OTX

Reports

http://cybertracker.malwarehunterteam.com/maliciou...

https://otx.alienvault.com/pulse/56cd255067db8c585...

https://kc.mcafee.com/resources/sites/MCAFEE/conte...

Files that talk to avp-mech.ru

MD5	A/V
1a090b18f17a6c58970e98e8f9243ebe
85db57ef75826c99bc3b43337822208d	[W97M/DLoader.A] [W2KM_DLOADR.BYX] [W97M/DLoader.A]
8a1f06a2452e6a4886cd83934aa6d1ec	[Trojan-Downloader:W97M/Dridex.S]
ac121eeb4c974ee8f92236059d608630	[Trojan-Downloader:W97M/Dridex.S]
8db40d418e32c05a3607f218a500dd48	[Trojan-Downloader:W97M/Dridex.S]
fe319296e6a65047d8afa8a1fea8d795	[W97M/DLoader.A] [W2KM_DL.4BC4FF72] [W2Km.Dloadr.Byx!c] [W2KM_DL.4BC4FF72] [W97M/DLoader.A]
ac62bae66f76f402ca24df6c6ea1f38f	[Trojan-Downloader:W97M/Dridex.S]
8ad3a34602a2ebeba53a0c1b5e397512	[W97M/DLoader.A] [W2KM_DL.4BC4FF72] [W2KM_DL.4BC4FF72] [W97M/DLoader.A]
07a3e90e90bb20f0ef30cd88eff00259	[Trojan-Downloader:W97M/Dridex.S]
c1575d555ae518bbeb67762c8d5e52cc
0c5668d334c58770264cace66aa95141
c689d01f9ace8bc2c2b0749c2b2b1c9d	[Trojan-Downloader:W97M/Dridex.S]
b53fe97a41c6ff43bf0bf3855edd56c6	[W97M.Downloader.AVM] [W97M/Donoff] [W2KM_CRYPWALL.Y] [W97M.Downloader.AVM] [W97M.Downloader.AVM] [Trojan-Downloader:W97M/Dridex.S] [W97M.MulDrop.97] [W2KM_CRYPWALL.Y] [Troj/DocDl-BDH] [W97M/Downloader]
28881599df09131685522abebb9957a6	[W97M.Downloader.AVM] [W2KM_CRYPWALL.Y] [W97M.Downloader.AVM] [W97M.Downloader.AVM] [Trojan-Downloader:W97M/Dridex.S] [W97M.MulDrop.97] [W2KM_CRYPWALL.Y] [Troj/DocDl-BDH] [W97M/Donoff] [W97M.Downloader.Avm!c] [W97M/Downloader] [TrojanDownloader:O97M/Donoff] [W97M/Downloader.aya] [Trojan-Downloader.VBA.Locky] [W97M/Downloader] [O97M/Downloader]
99d7742555c00d151122edf902a7005a	[W2KM_HP.9DF081F9] [Trojan.Script.MLW.ebktdw] [W2KM_HP.9DF081F9] [PP97M/Downldr] [HEUR.VBA.Trojan.d] [W97M/Downloader]
41dd462f798eb3ea3bd3f54002974413
044068c877a26f1abd4481ecb14acd42	[W2KM_HP.9DF081F9] [Trojan.Script.MLW.ebktdw] [W2KM_HP.9DF081F9] [PP97M/Downldr] [HEUR.VBA.Trojan.d] [W97M/Downloader]
543b0407baa626a0d0e1a4efd5d21305	[W97M.Downloader.BIB] [W97M.Downloader.BIB] [W97M.Downloader.BIB] [W97M.Downloader] [W2KM_HP.9DF081F9] [Trojan.Script.MLW.ebktdw] [W97M.Downloader.BIB] [Troj/DocDl-CCT] [W97M.Downloader.BIB] [W97M.DownLoader.976] [W2KM_HP.9DF081F9] [PP97M/Downldr] [TrojanDownloader:O97M/Donoff.BG] [W97M.Downloader.BIB] [W97M.Downloader.BIB] [W97M/Downloader] [W97M/Downloader.bbm]
58402772e941365e9bacdd06af8806f5

DNS Resolutions

Date	IP Address
2019-07-26	89.111.178.14 (ClassC)
2019-09-05	195.208.1.104 (ClassC)
2019-12-01	194.85.61.76 (ClassC)
2019-12-01	109.70.26.37 (ClassC)
2019-12-25	144.76.80.202 (ClassC)
2025-05-27	172.67.223.152 (ClassC)
2025-06-03	104.21.51.65 (ClassC)
2025-07-17	104.21.7.81 (ClassC)
2025-08-22	172.67.135.228 (ClassC)

Port 80

HTTP/1.1 200 OKServer: openresty/1.13.6.2Date: Thu, 15 Aug 2019 08:55:30 GMTContent-Type: text/htmlContent-Length: 4913Connection: keep-aliveVary: Accept-EncodingAccept-Ranges: bytes

!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd>html xmlnshttp://www.w3.org/1999/xhtml>head>meta http-equivContent-Type contenttext/html; charsetwindows-1251 />title>��� "��� ��������"/title>style typetext/css>body,td,th {	font-family: Verdana, Geneva, sans-serif;	font-size: 12px;	color: #000;}body {	margin-left: 0px;	margin-top: 0px;	margin-right: 0px;	margin-bottom: 0px;}a {	font-family: Verdana, Geneva, sans-serif;	font-size: 12px;	color: #666;}a:visited {	color: #666;}a:hover {	color: #333;}a:active {	color: #666;}.font_under {	color: #666;}/style>/head>body leftmargin0 topmargin0 marginwidth0 marginheight0>table width100% border0 cellspacing0 cellpadding0>  tr>    td aligncenter valigntop>table width800 border0 cellspacing0 cellpadding0>      tr>        td>table width100% border0 cellspacing0 cellpadding0>          tr>            td width400 height100 backgroundlogo1.jpg> /td>            td width400 height100 backgroundlogo2.jpg> /td>          /tr>        /table>/td>      /tr>      tr>        td width800 height200 backgroundlogo3.jpg> /td>      /tr>      tr>        td height150 aligncenter valignmiddle>table width100% border0 cellspacing0 cellpadding3>          tr>            td width20% height50 aligncenter valignmiddle bgcolor#66FFCC>strong>������� ��������/strong>/td>            td width20% height50 aligncenter valignmiddle>a href./polymach.htm>��������������� ������������/a>/td>            td width20% height50 aligncenter valignmiddle>a href./rolsmach.htm>������������ ������������/a>/td>            td width20% height50 aligncenter valignmiddle>a href./texmach.htm>����������� ������������/a>/td>            td width20% height50 aligncenter valignmiddle>a href./contact.htm>��������/a>/td>          /tr>          tr>            td width20% height50 aligncenter valignmiddle> /td>            td width20% height50 aligncenter valignmiddle>a href./specmach.htm>����������� ������������/a>/td>            td width20% hei

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > avp-mech.ru

Is this malicious?

Reports

Files that talk to avp-mech.ru

DNS Resolutions

Port 80