Help RSS API Feed Maltego Contact                        

Domain > ayh2m57ruxjtwyd5.stopmigrationss.com

More information on this domain is in AlienVault OTX

Is this malicious?

Reports
http://malware-traffic-analysis.net/2015/11/12/ind...    
http://research.zscaler.com/2015/11/chinese-govern...    
http://www.malware-traffic-analysis.net/2015/11/12...    
http://www.malware-traffic-analysis.net/2015/11/15...    
https://otx.alienvault.com/pulse/563909554637f2388...    
https://otx.alienvault.com/pulse/5644e3154637f2388...    
https://otx.alienvault.com/pulse/564655f667db8c7a1...    
https://otx.alienvault.com/pulse/564a34514637f2388...    
https://otx.alienvault.com/pulse/564a480167db8c7a1...    

Files that talk to ayh2m57ruxjtwyd5.stopmigrationss.com
MD5A/V
03b7c26963fec36ae38738f7842c8bd6
4d169e71d3a551c5150a77bf38d92be4
f78b3293a828421db9c8d66579dd5379
e7d1d86a3b3eef70d4eff0fbf94d7cab[Mal/Zbot-UE] [Trojan:Win32/Bulta!rfn] [Trojan/Win32.Miuref]
cf36d4069d1b6698a4d3f76408483fc2
7074bedbed364bcc149cf0a7a7720f5a[Trojan.Script.Nobelman.gcvl] [a.privacy.transfer.l]
a50c0c2dd3732652f3fade6654180b8d
8cf507b8b9573d411e66af85d294f94c
cd87d67834ae47dc9608527614eb8ed4[W2KM_BA.E9DB3294] [Trojan.Script.Nobelman.gcvl] [W97M.DownLoader.621]
ac7a566d4ad8823df4fd9801ba09a8c1
4c5b11cac9f9b7a69f3d98313c396faf[BehavesLike.Win32.PackedAP.dm]
6855a67de0b3d4281dd1bd941d4428c3
f082c45c0193c605db0bfd916a5bbc9e
e0c0ab52f004b7af4b2cf4b3e9c2aefb
171feadc4509ae42f2b52418caf4c289
a5c1548cc5c8899493ee1f1c62692e29[Trojan.Script.Nobelman.gcvl] [HEUR.VBA.Trojan]
fa514b1b5f29954f9727a8042ae69cbe
d549e5b845d5d4e3929d4e9353ec19e1
68cb32d4dd821d50099275870596ca25[Trojan.Script.Nobelman.gcvl] [HEUR.VBA.Trojan]
d50184f2eda87619a1c82a43c475bba8

Whois
PropertyValue
Email intaresoter1980@mail.ru
NameServer B.NS14.NET
Created 2015-09-07 00:00:00
Changed 2015-12-21 00:00:00
Expires 2016-09-07 00:00:00
Registrar TLD REGISTRAR SOLUTI