» storage-eu-8.sharefile.com
Overview
Analysis
IPs Addresses (1)
Downloads (3)
Website Detail

storage-eu-8.sharefile.com

ShareFile

Domain Information

The domain storage-eu-8.sharefile.com registered by ShareFile was initially registered in June of 2001 through REGISTER.COM, INC.. Currently this domain has been known to host various forms of malware. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.

Registrant:

ShareFile

Registrar:

Server location:

Dublin City, Ireland (IE)

Create date:

Sunday, June 24, 2001

Expires date:

Monday, June 24, 2019

Updated date:

Friday, March 13, 2015

Root domain:

sharefile.com

Whois:

1 sharefile.com record

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

VIPRE Antivirus

Threat.4657539, Trojan.Win32.Generic

100.00%

Emsisoft Anti-Malware

Gen:Variant.Symmi.37344, Gen:Variant.Strictor.99853, Trojan.GenericKD.2903167

100.00%

MicroWorld eScan

Gen:Variant.Symmi.37344, Gen:Variant.Strictor.99853, Trojan.GenericKD.2903167

100.00%

Bitdefender

Gen:Variant.Symmi.37344, Gen:Variant.Strictor.99853, Trojan.GenericKD.2903167

100.00%

Arcabit

Trojan.Symmi.D91E0, Trojan.Strictor.D1860D, Trojan.Generic.D2C4C7F

100.00%

G Data

Gen:Variant.Symmi.37344, Gen:Variant.Strictor.99853, Trojan.GenericKD.2903167

100.00%

Kaspersky

HEUR:Trojan.Win32.Generic, Trojan-Banker.Win32.Banbra

66.67%

Fortinet FortiGate

W32/Banload.WTN!tr.dldr, PossibleThreat.P0

66.67%

Baidu Antivirus

Trojan.Win32.Banload, Adware.Win32.iBryte

66.67%

Qihoo 360 Security

HEUR/QVM11.1.Malware.Gen, HEUR/QVM18.1.Malware.Gen

66.67%

K7 AntiVirus

Riskware , Trojan

66.67%

avast!

Win32:Malware-gen

66.67%

Lavasoft Ad-Aware

Gen:Variant.Strictor.99853, Trojan.GenericKD.2903167

66.67%

F-Secure

Gen:Variant.Strictor.99853, Trojan.GenericKD.2903167

66.67%

Trend Micro

TROJ_GEN.R00XC0EKT15, TROJ_GEN.R011C0OL615

66.67%

The domain storage-eu-8.sharefile.com has been seen to resolve to the following IP address.

54.77.81.19

ec2-54-77-81-19.eu-west-1.compute.amazonaws.com

January 31, 2016

File downloads found at URLs served by storage-eu-8.sharefile.com.

16 / 68 (PUP)

https://storage-eu-8.sharefile.com/download.ashx?dt=dt2ba2b7ee03d8402898bbbc7c50b26f99&h=ugKNIhYfvcXGVGDUnhMAyN1HVd7Oh4si5UaFLPGM5RI= (flashplayer_21.0.9.exe)

15 / 68 (Malware)

https://storage-eu-8.sharefile.com/download.ashx?dt=dtdbba4d88ae4546b9b6ff683f97277315&h=icgJI7VS0VjoVzNw42p3WufmfiKzs4790tA2BSTVeB8= (flashplayer_23.0.0.exe)

18 / 68 (Malware)

https://storage-eu-8.sharefile.com/download.ashx?dt=dtb060af55b5674d8f82f8c923e99c69d7&h=Z04VpCzVN g18U3oPF0glWHufllLdo3PsjJdle0Kauw= (flashplayer_21.0.9.exe)

URL:

http://storage-eu-8.sharefile.com/

Title:

“ShareFile Storage Server”

Network:

Amazon Web Services (AWS), running an EC2 instance

SSL certificate subject:

CN=*.sharefile.com, OU=ShareFile, O="ShareFile, LLC", L=Raleigh, S=NC, C=US

SSL certificate issuer:

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

Web server:

Microsoft-IIS/7.5

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.