home

ddtony.free.fr

FREE SAS  (Proxy Registrant)

Domain Information

The domain ddtony.free.fr is registered by proxy through ONLINE SAS. Currently this domain has been known to host various forms of malware. The hosted servers are located in Bezons, Ile-De-France within France which resides on the RIPE Network Coordination Centre network.
Registrar:
ONLINE SAS

Server location:
Ile-De-France, France (FR)

ASN:
AS12322 PROXAD Free SAS

Root domain:
free.fr

Whois:
1 free.fr record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Total Defense
Win32/Krademok.A
100.00%

nProtect
Backdoor/W32.Finlosky.761856
100.00%

Quick Heal
Backdoor.Finlosky.B4
100.00%

McAfee
Generic BackDoor.xa
100.00%

Malwarebytes
Backdoor.Agent.DCRSAGen
100.00%

K7 AntiVirus
Backdoor
100.00%

K7 Gateway Antivirus
Backdoor
100.00%

The Hacker
Backdoor/Finlosky.b
100.00%

NANO AntiVirus
Trojan.Win32.Finlosky.rqwlv
100.00%

F-Prot
W32/Downloader.C.gen
100.00%

Norman
Delf.GFRN
100.00%

Trend Micro House Call
TROJ_FYNLOSKI_0000000.TOMA
100.00%

avast!
Win32:Flooder-GR [Trj]
100.00%

Kaspersky
Backdoor.Win32.DarkKomet
100.00%

Bitdefender
Backdoor.SpyBot.DMW
100.00%

The domain ddtony.free.fr has been seen to resolve to the following IP address.

212.27.63.109
perso109-g5.free.fr
November 19, 2013

File downloads found at URLs served by ddtony.free.fr.

42 / 68    (Malware)
http://ddtony.free.fr/fb.exe  (MSRSAAP.EXE)

The following 2 files have been seen to comunicate with ddtony.free.fr in live environments.

TCP » 212.27.63.109:80
onlineguardian-v2.exe

TCP » 212.27.63.109:80
online-guardian-v2.0.9.exe

URL:
http://ddtony.free.fr/

Title:
“Index of /”

Web server:
Apache/ProXad [Apr 20 2012 15:06:05]

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.