home

storage-eu-13.sharefile.com

ShareFile

Domain Information

The domain storage-eu-13.sharefile.com registered by ShareFile was initially registered in June of 2001 through REGISTER.COM, INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Seattle, Washington within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
REGISTER.COM, INC.

Server location:
Washington, United States (US)

Create date:
Sunday, June 24, 2001

Expires date:
Monday, June 24, 2019

Updated date:
Friday, March 13, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
sharefile.com

Whois:
1 sharefile.com record

Scanner detections:
Malware distribution  (60% detected)

Scan engine
Details
Detections

ESET NOD32
MSIL/TrojanDownloader.Agent.BJL trojan, MSIL/TrojanDownloader.Banload.FX trojan
60.00%

Kaspersky
UDS:DangerousObject.Multi.Generic, Trojan-Dropper.Win32.Dapato
40.00%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen, HEUR/QVM03.0.Malware.Gen
40.00%

Reason Heuristics
Threat.Downloader.KY, PUP.OLX (M)
40.00%

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
20.00%

ESET NOD32
MSIL/Kryptik.ETR (variant)
20.00%

Dr.Web
Trojan.DownLoader18.44955
20.00%

Sophos
Mal/Generic-S
20.00%

Avira AntiVirus
TR/Dropper.MSIL.242868
20.00%

Microsoft Security Essentials
TrojanSpy:MSIL/Omaneat.B
20.00%

IKARUS anti.virus
Trojan.MSIL.Crypt
20.00%

Fortinet FortiGate
PossibleThreat.P0
20.00%

AVG
Atros2
20.00%

The domain storage-eu-13.sharefile.com has been seen to resolve to the following IP address.

54.72.186.137
ec2-54-72-186-137.eu-west-1.compute.amazonaws.com
February 17, 2016

File downloads found at URLs served by storage-eu-13.sharefile.com.

11 / 68    (Malware)
https://storage-eu-13.sharefile.com/.../abXq0Za5Q8ATsnBgl8ZOsci7d qEigM8M=  (sysmon.exe)

1 / 68      (inconclusive)
https://storage-eu-13.sharefile.com/.../MfCaDj8O64c9Dg0xwNSSVfY2TN4=  (flashplayer24.exe)

3 / 68      (Malware)
https://storage-eu-13.sharefile.com/download.ashx?dt=dteaa221ff3ecd451caa471c5304341e2d&h=Mu3U3AsBmo jHJBzkhtlvkFv4nKneQSfYP8DNX1wviU=  (flashplayer_21.2.1.exe)

2 / 68      (PUP)
https://storage-eu-13.sharefile.com/.../MfCaDj8O64c9Dg0xwNSSVfY2TN4=  (flashplayer24.exe)

1 / 68      (inconclusive)
https://storage-eu-13.sharefile.com/download.ashx?dt=dt28aef6b457ba41ffa1838db8428c9133&h=VnzEapRsKFcRJ7pneS85U8pkUCnK85qrQCLrKnbjkqA=  (flashplayer23.exe)

URL:
http://storage-eu-13.sharefile.com/

Title:
“ShareFile Storage Server”

Network:
Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:
CN=*.sharefile.com, OU=ShareFile, O="ShareFile, LLC", L=Raleigh, S=NC, C=US

SSL certificate issuer:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

Web server:
Microsoft-IIS/7.5

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.