home

www.javfiler.net

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.javfiler.net is registered by proxy through GO FRANCE DOMAINS, LLC and was originally registered in May of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Portland, Oregon within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the US West (Oregon) region datacenter.
Registrar:
GO FRANCE DOMAINS, LLC

Server location:
Oregon, United States (US)

Create date:
Friday, May 15, 2015

Expires date:
Sunday, May 15, 2016

Updated date:
Tuesday, May 19, 2015

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
javfiler.net

Whois:
2 javfiler.net records

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.TuguuSL.K, PUP.Binaritpersonalcomputerperipheralequipment.K, PUP.Tuguu.TuguuSL.Bundler (M), PUP.Binaritp (M), PUP.Tuguu (M)
94.74%

McAfee
PUP-FJP!1F2E3FF39A4F, PUP-FAO!AD78B07EC1C0, CryptDomaIQ
31.58%

Malwarebytes
PUP.Optional.Domalq
31.58%

K7 AntiVirus
Unwanted-Program
31.58%

avast!
Win32:DomaIQ-CJ [PUP], DomaIQ-CO [PUP], Win32:DomaIQ-CK [PUP]
31.58%

Kaspersky
not-a-virus:AdWare.Win32.Lollipop
31.58%

Agnitum Outpost
PUA.Lollipop
31.58%

Sophos
Generic PUA FJ, DomainIQ pay-per install, PUA.DomainIQ pay-per install, PUA 'DomainIQ pay-per install'
31.58%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Threat.4783235
31.58%

Avira AntiVirus
APPL/DomaIQ.Gen
31.58%

IKARUS anti.virus
PUA.Tugus, AdWare.DomaIQ
31.58%

AVG
DomaIQ, Adware DomaIQ.DO
31.58%

MicroWorld eScan
Adware.Navipromo.CIP, Application.Bundler.Agent.A, Application.Bundler.DomaIQ.Q
31.58%

Bitdefender
Adware.Navipromo.CIP, Application.Bundler.Agent.A, Application.Bundler.DomaIQ.Q
31.58%

G Data
Adware.Navipromo.CIP, Application.Bundler.Agent, Application.Bundler.DomaIQ
31.58%

The domain www.javfiler.net has been seen to resolve to the following 11 IP addresses.

208.73.211.70
April 9, 2016

141.8.224.239
January 30, 2016

54.186.187.58
ec2-54-186-187-58.us-west-2.compute.amazonaws.com
November 2, 2014

54.213.71.128
ec2-54-213-71-128.us-west-2.compute.amazonaws.com
November 2, 2014

54.244.30.115
ec2-54-244-30-115.us-west-2.compute.amazonaws.com
July 10, 2014

54.186.83.158
ec2-54-186-83-158.us-west-2.compute.amazonaws.com
July 10, 2014

54.218.30.251
ec2-54-218-30-251.us-west-2.compute.amazonaws.com
May 14, 2014

54.201.9.67
ec2-54-201-9-67.us-west-2.compute.amazonaws.com
May 14, 2014

54.201.153.98
ec2-54-201-153-98.us-west-2.compute.amazonaws.com
May 14, 2014

54.201.189.9
ec2-54-201-189-9.us-west-2.compute.amazonaws.com
May 14, 2014

54.200.4.93
ec2-54-200-4-93.us-west-2.compute.amazonaws.com
May 14, 2014

File downloads found at URLs served by www.javfiler.net.

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (5417013ef40db9d7f4a232f791d7cec2)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (e468b9ada9255d9e1e36e83f5770dbef)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (c15ddb5644649fac29a1cbaa988e590c)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (7c9d2be4320341800539f5d2b9522fc4)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (3493ccbd94745f7c070a9b7812ab0ec2)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (2a4187bbbbf969e2c4a2e0ec6883ef67)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (226cd154578ca9e9412149830afeb584)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (6e2b899fa53795d8d75fbc6d8762e2c4)

2 / 68      (false positives)
http://www.javfiler.net/.../New player.exe  (wrar420.exe)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (b7eb081ae12051dd2d4276652c93dee6)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (ad13b7edd968b314e83e117e9a98b7bf)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (b8fc681b889f898c8f1ee2ba4e2d34e5)

32 / 68    (Adware)
http://www.javfiler.net/.../New player.exe  (22e7d12a0626d350ee01148265e88026)

29 / 68    (Adware)
http://www.javfiler.net/.../New player.exe  (d68bf74b25510e9ef161e5e7bf2f57ef)

30 / 68    (Adware)
http://www.javfiler.net/.../New player.exe  (d7c7f1916d4bcdb6bf1941d42baa6dd4)

1 / 68      (Adware)
http://www.javfiler.net/.../New player.exe  (5bc7d1c5b647436096944ced7fc33493)

29 / 68    (Adware)
http://www.javfiler.net/.../New player.exe  (5d2b30d89c82d0b7f3ebc3483acf240f)

21 / 68    (Adware)
http://www.javfiler.net/.../New player.exe  (ad78b07ec1c042c714e25a2a8dbdae77)

20 / 68    (Adware)
http://www.javfiler.net/.../New player.exe  (b8dca7a249c6b6b25477710780d22d59)

The following 9 files have been seen to comunicate with www.javfiler.net in live environments.

TCP » 54.201.153.98:80
rpdsvc.exe (RealPlayer Cloud Service (32-bit) by RealNetworks)

TCP » 54.201.153.98:80
rpdsvc.exe (RealPlayer Cloud Service (32-bit) by RealNetworks)

TCP » 141.8.224.239:80
dislike.crx

TCP » 141.8.224.239:443
droppad.crx

TCP » 208.73.211.70:80
videostream-elfana.crx

TCP » 208.73.211.70:443
droppad.crx

TCP » 208.73.211.70:443
droppad.crx

TCP » 54.186.187.58:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

TCP » 54.200.4.93:80
lollipop.exe (Lollipop)

URL:
http://www.javfiler.net/

Title:
“javfiler.net”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
Apache

Facebook:
Shares:  2

Statistics are for the previous month.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.