home

fgwtma.dm2304.livefilestore.com

Microsoft Corporation

Domain Information

The domain fgwtma.dm2304.livefilestore.com registered by Microsoft Corporation was initially registered in January of 2007 through CSC CORPORATE DOMAINS, INC.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Redmond, Washington within the United States which resides on the Microsoft Corp network.
Registrar:
CSC CORPORATE DOMAINS, INC.

Server location:
Washington, United States (US)

Create date:
Tuesday, January 30, 2007

Expires date:
Saturday, January 30, 2016

Updated date:
Tuesday, January 27, 2015

Root domain:
livefilestore.com

Whois:
1 livefilestore.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Dropped:Application.Bundler.Outbrowse.L
100.00%

Quick Heal
AdWare.OutBrowse.r5 (Not a Virus)
100.00%

McAfee
Artemis!BDB750B84674, Artemis!F3240FD26F0C
100.00%

Malwarebytes
PUP.Optional.Amonetize, PUP.Optional.OutBrowse
100.00%

VIPRE Antivirus
OutBrowse
100.00%

K7 AntiVirus
Unwanted-Program , Trojan
100.00%

NANO AntiVirus
Riskware.Win32.Amonetize.dkinix, Riskware.Win32.OutBrowse.degmpi
100.00%

F-Prot
Trojan!5d82
100.00%

Trend Micro House Call
Suspici.15769D94, TROJ_GE.CAF89FE7
100.00%

avast!
NSIS:OutBrowse-E [PUP]
100.00%

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
100.00%

Bitdefender
Dropped:Application.Bundler.Outbrowse.L
100.00%

Agnitum Outpost
PUA.Amonetize, PUA.OutBrowse
100.00%

Lavasoft Ad-Aware
Dropped:Application.Bundler.Outbrowse.L
100.00%

Dr.Web
Adware.Downware.7972, Trojan.Amonetize.341
100.00%

The domain fgwtma.dm2304.livefilestore.com has been seen to resolve to the following 2 IP addresses.

134.170.109.224
May 4, 2015

134.170.109.152
May 4, 2015

File downloads found at URLs served by fgwtma.dm2304.livefilestore.com.

25 / 68    (PUP)
https://fgwtma.dm2304.livefilestore.com/.../kms windows 8 & 8.1 activator.exe  (bdb750b846744bba6b25128074172d41)

29 / 68    (PUP)
https://fgwtma.dm2304.livefilestore.com/.../kms windows 8 & 8.1 activator.exe  (f3240fd26f0c93d84c16ffe4c847f9c0)

The following file have been seen to comunicate with fgwtma.dm2304.livefilestore.com in live environments.

TCP » 134.170.109.152:443
internetenhancer.exe (MUZYXQ)

URL:
http://fgwtma.dm2304.livefilestore.com/

SSL certificate subject:
CN=storage.live.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US

SSL certificate issuer:
CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Web server:
Microsoft-HTTPAPI/2.0

live.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.