qs7fuq.by3301.livefilestore.com

Microsoft Corporation

Domain Information

The domain qs7fuq.by3301.livefilestore.com, registered by Microsoft Corporation, was initially registered in January of 2007 through CSC CORPORATE DOMAINS, INC. This domain is currently known to host various forms of malware. The hosting servers are located in Redmond, Washington, in the United States, on the Microsoft Corp network.

Registrar: CSC CORPORATE DOMAINS, INC.

Server location: Washington, United States (US)

Create date: Tuesday, January 30, 2007

Expires date: Saturday, January 30, 2016

Updated date: Tuesday, January 27, 2015

ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

Root domain:

Scanner detections:
Malware distribution  (100% detected)

Scan engine              Details                                       Detections
MicroWorld eScan         Application.Generic.749632                    100.00%
Quick Heal               Trojan.Generic.g5                             100.00%
McAfee                   Artemis!566308D6EA42                          100.00%
Norman                   Suspicious_Gen4.GZASJ                         100.00%
Trend Micro House Call   Suspicious_GEN.F47V0905                       100.00%
Kaspersky                HEUR:Trojan.Win32.Generic                     100.00%
Bitdefender              Application.Generic.749632                    100.00%
Lavasoft Ad-Aware        Application.Generic.749632                    100.00%
Sophos                   Generic PUA HF                                100.00%
Comodo Security          UnclassifiedMalware                           100.00%
F-Secure                 Application.Generic.749632                    100.00%
G Data                   Application.Generic.749632                    100.00%
Baidu Antivirus          Trojan.MSIL.Agent                             100.00%
ESET NOD32               Win32/Somoto                                  100.00%
Rising Antivirus         PE:Trojan.Win32.Generic.17433B4A!390282058    100.00%

The domain qs7fuq.by3301.livefilestore.com has been seen to resolve to the following 2 IP addresses.

December 1, 2014

October 20, 2014

File downloads found at URLs served by qs7fuq.by3301.livefilestore.com.

16 / 68    (Malware)
https://qs7fuq.by3301.livefilestore.com/.../psemu3.exe  (566308d6ea424e35f7ad74eb16b6c559)

The following 20 files have been seen to communicate with qs7fuq.by3301.livefilestore.com in live environments.

 
Latest 20 of 28 files

URL: http://qs7fuq.by3301.livefilestore.com/

SSL certificate subject: CN=storage.live.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US

SSL certificate issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Web server: Microsoft-HTTPAPI/2.0