ds123.files-fast.net

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain ds123.files-fast.net is registered by proxy through GODADDY.COM, LLC and was originally registered in June of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Scottsdale, Arizona, in the United States, on the GoDaddy.com, LLC network.
Remove Malware from ds123.files-fast.net - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Tuesday, June 03, 2014

Expires date:
Friday, June 03, 2016

Updated date:
Thursday, June 04, 2015

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.MaxigetLimited.N, PUP.MaxigetLimited.d, PUP.MaxigetLimited.X, PUP.MaxigetLimited.W, PUP.MaxigetLimited.c, PUP.MaxigetLimited.i, PUP.MaxigetLimited.h, PUP.MaxigetLimited.a, PUP.MaxigetLimited.f, PUP.MaxigetLimited.m, PUP.MaxigetLimited.k, PUP.MaxigetLimited.FF, PUP.MaxigetLimited.e, PUP.Installer.MaxigetLimited.i, PUP.New IT Limited, PUP.New IT Limited.Bundler, PUP.New IT Limited.Maxiget, PUP.New IT Limited.Maxiget.Bundler (M), PUP.New IT Limited.Maxiget (M)
100.00%

AVG
Generic, Win32/DH{gRKBE4EPICIlV2M}
84.00%

ESET NOD32
Win32/4Shared.U potentially unwanted application, Win32/4Shared.W potentially unwanted application
80.00%

VIPRE Antivirus
Threat.4150696, Threat.4791953
80.00%

Sophos
4Share Downloader, PUA '4Share Downloader'
76.00%

Agnitum Outpost
PUA.4Shared
64.00%

Dr.Web
Adware.Downware.4322, Win32.HLLW.Autoruner1.33500, Adware.Downware.1751, Adware.Downware.11006
52.00%

K7 Gateway Antivirus
Unwanted-Program , Trojan , Adware
52.00%

Avira AntiVirus
APPL/Downloader.Gen, PUA/4Shared.Gen, TR/Starter.Y
52.00%

G Data
Win32.Application.4shared, Application.Generic.1231443, Application.Generic.1197967
52.00%

McAfee
Obfosha, PUP-FIW, Program.PUP-FIW, PUP-FNX, Program.PUP-FNX
48.00%

K7 AntiVirus
Unwanted-Program , Adware
44.00%

NANO AntiVirus
Riskware.Win32.Downware.degipb, Trojan.Win32.Autoruner1.dcjmyy
40.00%

McAfee Web Gateway
BehavesLike.Win32.Dropper.fh, PUP-FIW, BehavesLike.Win32.Downloader.gh
40.00%

IKARUS anti.virus
PUA.4Shared, PUA.4Shared.U, Trojan.Win32.Badur
40.00%

The domain ds123.files-fast.net has been seen to resolve to the following 4 IP addresses.

ip-50-63-202-39.ip.secureserver.net
June 30, 2015

hosted-by.leaseweb.com
October 20, 2014

June 9, 2014

June 9, 2014

File downloads found at URLs served by ds123.files-fast.net.

1 / 68      (Adware)

1 / 68      (Adware)

8 / 68      (Adware)

30 / 68    (Adware)

30 / 68    (Adware)

21 / 68    (Adware)

19 / 68    (Adware)

12 / 68    (Adware)

4 / 68      (Adware)

20 / 68    (Adware)

19 / 68    (Adware)

1 / 68      (Adware)

17 / 68    (Adware)

19 / 68    (Adware)
https://ds123.files-fast.net/.../ZZSeries - Dani Daniels ...] NEW March 25, 2014.exe  (zzseries - dani daniels...] new march 25, 2014.exe)

17 / 68    (Adware)

8 / 68      (Adware)

13 / 68    (Adware)

13 / 68    (Adware)

8 / 68      (Adware)

5 / 68      (Adware)

5 / 68      (Adware)

5 / 68      (Adware)

2 / 68      (Adware)

2 / 68      (Adware)

16 / 68    (Adware)
https://ds123.files-fast.net/.../ProgDVB7.05Pro.exe  (cd56372a5f124273121493c38ad0c8c3)

The following files have been seen to communicate with ds123.files-fast.net in live environments.

URL:
http://ds123.files-fast.net/

Web server:
Microsoft-IIS/7.5 (ASP.NET) (Version: 4.0.30319)
