fileshare9010.dfiles.ru
Private Person (Proxy Registrant)
Domain Information
The domain fileshare9010.dfiles.ru is registered by proxy through R01-REG-RIPN and was originally registered in February of 2009. This domain is currently known to host various forms of malware. The hosting servers are located in Steinsel, Luxembourg, on the RIPE Network Coordination Centre network.
Registrant: Private Person
Server location: Luxembourg, Luxembourg (LU)
Create date: Friday, February 20, 2009
Expires date: Friday, February 20, 2015
ASN: AS5577 ROOT root SA,LU
Scanner detections: Malware distribution (100% detected)
Scan engine | Details | Detections
nProtect | Trojan-Downloader/W32.Agent.2178419 | 100.00%
McAfee | Artemis!9AD5E1AF79A6 | 100.00%
SUPERAntiSpyware | Trojan.Agent/Gen | 100.00%
Norman | Smalldoor.QJTU | 100.00%
Trend Micro House Call | TROJ_SPNR.0BJQ13 | 100.00%
Clam AntiVirus | Win.Trojan.Downloader-2669 | 100.00%
Agnitum Outpost | Trojan.DL.Agent | 100.00%
ViRobot | Trojan.Win32.A.Zbot.2178419 | 100.00%
Rising Antivirus | PE:Trojan.Win32.Generic.12629311!308450065 | 100.00%
Comodo Security | UnclassifiedMalware | 100.00%
VIPRE Antivirus | Trojan.Win32.Generic | 100.00%
Trend Micro | TROJ_SPNR.0BJQ13 | 100.00%
Sophos | Mal/Generic-S | 100.00%
Vba32 AntiVirus | TrojanDownloader.Agent | 100.00%
Baidu Antivirus | Trojan.Win32.Downloader | 100.00%
The domain fileshare9010.dfiles.ru has been seen to resolve to the following 7 IP addresses.
File downloads found at URLs served by fileshare9010.dfiles.ru.
The following 6 files have been seen to communicate with fileshare9010.dfiles.ru in live environments.
URL: http://fileshare9010.dfiles.ru/
SSL certificate subject: CN=*.dfiles.ru, OU=PremiumSSL Wildcard, O=KALMET INVESTMENTS LIMITED, STREET=1312 Victoria, L=Mahe, S=Mahe, C=SC
SSL certificate issuer: CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Related Domains