mn4sfw-sn3301.files.1drv.com

Microsoft Corporation

Domain Information

The domain mn4sfw-sn3301.files.1drv.com, registered by Microsoft Corporation, was initially registered in August of 2013 through MARKMONITOR INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Redmond, Washington, in the United States, on the Microsoft Corp network.
Registrar:
MARKMONITOR INC.

Server location:
Washington, United States (US)

Create date:
Monday, August 5, 2013

Expires date:
Wednesday, August 5, 2015

Updated date:
Tuesday, November 4, 2014

ASN:
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US

Root domain:

Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
nProtect | Trojan-Clicker/W32.OutBrowse.569536 | 100.00%
Quick Heal | AdWare.OutBrowse.r5 (Not a Virus) | 100.00%
McAfee | Artemis!4F1ACF654CFE | 100.00%
Malwarebytes | PUP.Optional.OutBrowse | 100.00%
VIPRE Antivirus | OutBrowse | 100.00%
K7 AntiVirus | Trojan | 100.00%
Agnitum Outpost | PUA.OutBrowse | 100.00%
Trend Micro House Call | TROJ_GEN.R047C0PI914 | 100.00%
avast! | Win32:Adware-gen [Adw] | 100.00%
Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 100.00%
Sophos | Generic PUA NE | 100.00%
Dr.Web | Trojan.Packed.28499 | 100.00%
Trend Micro | TROJ_GEN.R047C0PI914 | 100.00%
Avira AntiVirus | Rkit/Agent.569536 | 100.00%
G Data | Win32.Trojan.Agent.020U3G | 100.00%

The domain mn4sfw-sn3301.files.1drv.com has been seen to resolve to the following 2 IP addresses.

sn3301-g.1drv.com
December 19, 2014

sn3301-e.1drv.com
December 2, 2014

File downloads found at URLs served by mn4sfw-sn3301.files.1drv.com.

24 / 68    (Adware)
https://mn4sfw-sn3301.files.1drv.com/.../3db.exe  (4f1acf654cfe560c70c19ad104fff419)


The following 4 files have been seen to communicate with mn4sfw-sn3301.files.1drv.com in live environments.

URL:
http://mn4sfw-sn3301.files.1drv.com/

SSL certificate subject:
CN=storage.live.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US

SSL certificate issuer:
CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Web server:
Microsoft-HTTPAPI/2.0