agwymg.dm2301.livefilestore.com

Microsoft Corporation

Domain Information

The domain agwymg.dm2301.livefilestore.com, registered by Microsoft Corporation, was initially registered in January of 2007 through CSC CORPORATE DOMAINS, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Redmond, Washington, within the United States, on the Microsoft Corporation network.

Registrar:
CSC CORPORATE DOMAINS, INC.

Server location:
Washington, United States (US)

Create date:
Tuesday, January 30, 2007

Expires date:
Monday, January 30, 2017

Updated date:
Tuesday, January 26, 2016

ASN:
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Bkav FE | W32.Clodf97.Trojan | 100.00% |
| McAfee | Artemis!347C23328DF3 | 100.00% |
| Malwarebytes | HackTool.Wpakill | 100.00% |
| K7 AntiVirus | Riskware | 100.00% |
| F-Prot | W32/MalwareF.GUGF | 100.00% |
| Trend Micro House Call | HKTL_WPAKILL | 100.00% |
| Agnitum Outpost | HackTool.Wpakill | 100.00% |
| Sophos | RemoveWAT | 100.00% |
| Comodo Security | ApplicUnwnt.Win32.WPAkill.~A | 100.00% |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 100.00% |
| Avira AntiVirus | SPR/Tool.WPAkill.B.7 | 100.00% |
| Trend Micro | HKTL_WPAKILL | 100.00% |
| Emsisoft Anti-Malware | Trojan.GenericKD.1397145 | 100.00% |
| Microsoft Security Essentials | HackTool:Win32/Wpakill.B | 100.00% |
| ViRobot | JS.A.Iframe.6663680 | 100.00% |

The domain agwymg.dm2301.livefilestore.com has been seen to resolve to the following IP address.

a-0011.a-msedge.net
July 3, 2016

File downloads found at URLs served by agwymg.dm2301.livefilestore.com.

31 / 68    (PUP)
https://agwymg.dm2301.livefilestore.com/.../RemoveWAT.exe  (wat_remover_by_digipassion.com.exe)

The following 100 files have been seen to communicate with agwymg.dm2301.livefilestore.com in live environments.

 
Latest 20 of 113 files

URL:
http://agwymg.dm2301.livefilestore.com/

SSL certificate subject:
CN=storage.live.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US

SSL certificate issuer:
CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Web server:
Microsoft-IIS/8.5