filehome.ru

Private Person  (Proxy Registrant)

Domain Information

The domain filehome.ru is registered by proxy through RU-CENTER-RU and was originally registered in March 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Saint Petersburg City, Russia, on the RIPE Network Coordination Centre network.
Registrar:
RU-CENTER-RU

Server location:
Saint Petersburg City, Russia (RU)

Create date:
Sunday, March 30, 2014

Expires date:
Thursday, March 30, 2017

ASN:
AS30968 INFOBOX-AS ZAO _National Telecommunications_,RU

Scanner detections:
Detections  (56% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Kometa, Win32.Generic.Installer.Meta, Win32.Generic.Kometa.Meta, Win32.Generic.MailRu.Installer.Meta, PUP.Magicbit.Downloader.Installer.Meta (M), PUP.SmartYUG (M)
100.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Signed-Adware.RuKometa
44.44%

AVG
Generic, Kometa
33.33%

Bkav FE
W32.HfsAdware
33.33%

Baidu Antivirus
Adware.Win32.iBryte.RuMail, PUA.Win32.RuKometa
33.33%

Panda Antivirus
PUP/DownWare, Trj/Genetic.gen
33.33%

K7 AntiVirus
Adware
22.22%

ESET NOD32
Win32/RuKometa.I potentially unwanted (variant)
22.22%

Dr.Web
Trojan.LoadMoney.681
22.22%

Fortinet FortiGate
Riskware/RuKometa
22.22%

McAfee
Artemis!69A66A2311D2, Artemis!D2D70C39D58D
22.22%

Agnitum Outpost
Riskware.Agent
22.22%

IKARUS anti.virus
PUA.RuKometa, Win32.SuspectCrc
22.22%

ESET NOD32
Win32/RuKometa.A potentially unwanted application
11.11%

F-Secure
Gen:Variant.Jaiko.325
11.11%

The domain filehome.ru has been seen to resolve to the following 3 IP addresses.

February 28, 2016

February 28, 2016

109.120.162.68.addr.datapoint.ru
October 20, 2015

File downloads found at URLs served by filehome.ru.

1 / 68      (PUP)
http://filehome.ru/?ddownload=438  (ummyvideodownloader.exe)

0 / 68
http://filehome.ru/.../IE9-Win7-x64.exe  (c6c1c03b4ac8baee0edbf8f8728f3045)

0 / 68
http://filehome.ru/.../IE9-Win7-x86.exe  (0b8e3293de4d824532df001a2976ae14)

1 / 68      (PUP)
http://filehome.ru/.../Kometa.exe  (dd2bc1f0b8108d888457db96069f981b)

0 / 68

16 / 68    (PUP)
http://filehome.ru/?ddownload=442  (kometabrowser.exe)

5 / 68      (PUP)
http://filehome.ru/?ddownload=187  (amigo_adsetup_lp5iesm.exe)

0 / 68
http://filehome.ru/.../Photoscape.exe  (photoscape_v3.7.exe)

0 / 68

1 / 68      (Malware)
http://filehome.ru/.../Amigo.exe  (d818424f2a93713f01a24f7fb01fa254)

4 / 68      (PUP)
http://filehome.ru/?ddownload=442  (kometabrowser.exe)

14 / 68    (PUP)
http://filehome.ru/?ddownload=442  (kometa-browser.exe)

4 / 68      (PUP)

2 / 68      (Malware)
http://filehome.ru/?ddownload=187  (amigo_adsetup_lmuopsy.exe)

URL:
http://filehome.ru/

Google Analytics:
UA-34500393

Title:
“Programs for PC”

Description:
“Download programs for PC for free. Free software for PC.”

SSL certificate subject:
CN=sni223699.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx