home

fileshare7180.dfiles.ru

Private Person  (Proxy Registrant)

Domain Information

The domain fileshare7180.dfiles.ru is registered by proxy through R01-RU and was originally registered in February of 2009. Currently this domain has been known to host various forms of malware. The hosted servers are located in Steinsel, Luxembourg within Luxembourg which resides on the RIPE Network Coordination Centre network.
Registrar:
R01-RU

Server location:
Luxembourg, Luxembourg (LU)

Create date:
Friday, February 20, 2009

Expires date:
Friday, February 20, 2015

ASN:
AS5577 ROOT root SA,LU

Root domain:
dfiles.ru

Whois:
1 dfiles.ru record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Bkav FE
W32.Clodb54.Trojan
100.00%

Quick Heal
Backdoor.Small.hvo.n5
100.00%

McAfee
Artemis!9A308397F1B5
100.00%

K7 AntiVirus
Backdoor
100.00%

F-Prot
W32/BackdoorX.DFNM
100.00%

Trend Micro House Call
TROJ_GEN.USEFB28
100.00%

Sophos
Mal/Generic-S
100.00%

VIPRE Antivirus
Trojan.Win32.Malware.a
100.00%

Trend Micro
TROJ_GEN.USEFB28
100.00%

Reason Heuristics
Unnamed.Threat.19
100.00%

The domain fileshare7180.dfiles.ru has been seen to resolve to the following 12 IP addresses.

94.242.227.191
ip-static-94-242-227-191.as5577.net
September 5, 2014

94.242.227.179
ip-static-94-242-227-179.as5577.net
September 5, 2014

94.242.227.163
ip-static-94-242-227-163.as5577.net
September 5, 2014

94.242.227.159
ip-static-94-242-227-159.as5577.net
September 5, 2014

94.242.227.151
ip-static-94-242-227-151.as5577.net
September 5, 2014

94.242.236.61
ip-static-94-242-236-61.as5577.net
September 5, 2014

94.242.236.49
ip-static-94-242-236-49.as5577.net
September 5, 2014

94.242.236.45
ip-static-94-242-236-45.as5577.net
September 5, 2014

94.242.236.41
ip-static-94-242-236-41.as5577.net
September 5, 2014

94.242.236.33
ip-static-94-242-236-33.as5577.net
September 5, 2014

94.242.227.199
ip-static-94-242-227-199.as5577.net
September 5, 2014

94.242.227.195
ip-static-94-242-227-195.as5577.net
September 5, 2014

File downloads found at URLs served by fileshare7180.dfiles.ru.

10 / 68    (Unwanted)
http://fileshare7180.dfiles.ru/auth-136172053061ef917fa6b7ac7809fdd2-178.88.40.93-95148417-48028567-guest/.../Fraps_2.9.8_Build_7777.exe  (fo-fr298.exe)

The following 4 files have been seen to comunicate with fileshare7180.dfiles.ru in live environments.

TCP » 94.242.227.199:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.227.179:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.227.191:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.45:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.163:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.195:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.33:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.151:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.199:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.236.61:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.179:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.151:80
online-guardian-v2.exe

TCP » 94.242.227.191:80
online-guardian-v2.exe

TCP » 94.242.227.199:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.49:80
online-guardian-v2.0.9.exe

URL:
http://fileshare7180.dfiles.ru/

Title:
“DepositFiles”

Description:
“[[ state.current.data.description ]]”

SSL certificate subject:
CN=*.dfiles.ru, OU=PremiumSSL Wildcard, O=KALMET INVESTMENTS LIMITED, STREET=1312 Victoria, L=Mahe, S=Mahe, C=SC

SSL certificate issuer:
CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
nginx

depositfiles.com

depositfiles.org

dfiles.eu

gavitex.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.