ollyfile.me

WhoisGuard, Inc.  (Proxy Registrant)

Domain Information

The domain ollyfile.me is registered by proxy through NameCheap R216-ME (1068) and was originally registered in June of 2015. This domain has been known to host and distribute adware as well as other potentially unwanted software. Its hosting servers are located in Atlanta, Georgia, United States, on the Namecheap, Inc. network.
Registrar:
NameCheap R216-ME (1068)

Server location:
Georgia, United States (US)

Create date:
Sunday, June 28, 2015

Expires date:
Tuesday, June 28, 2016

Updated date:
Thursday, August 27, 2015

ASN:
AS22612 NAMECHEAP-NET - Namecheap, Inc., US

Google Safe Browsing:
unwanted

Scanner detections:
Detections  (96% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Dr.Web | infected with Trojan.Fraudster.1620, infected with Trojan.Fraudster.1624, infected with Trojan.Fraudster.1960, Detection.Undefined | 73.47% |
| McAfee | Trojan.Artemis!AC18A81AC080, Trojan.Artemis!BA258FC37E7D, Artemis!04A835251535, Trojan.Artemis!69D99242F5B9, Program.Artemis!511616296335, Trojan.Artemis!5B46443F5326, Trojan.Artemis!32D87A4B11DF, Trojan.Artemis!18DF06F75182 | 71.43% |
| Emsisoft Anti-Malware | Adware.Agent.PPG, Dropped:Adware.Agent.PPG, Trojan.Generic.15339704, Gen:Variant.Adware.Graftor.180946, Gen:Heur.Conjar | 69.39% |
| Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 67.35% |
| AVG | Adware Generic6.TGA, Adware Generic7.JFC, Adware Generic7.DHA | 65.31% |
| ESET NOD32 | multiple threats | 65.31% |
| VIPRE Antivirus | Threat.4150696, Trojan.Win32.Generic, Threat.4734384, Threat.5063666 | 61.22% |
| Norman | Adware.Agent.PPG, Dropped:Adware.Agent.PPG, Trojan.Generic.15339704, Gen:Variant.Adware.Graftor.180946, Gen:Heur.Conjar.1 | 61.22% |
| Clam AntiVirus | Win.Trojan.14501195, Win.Adware.Agent-59030, Win.Adware.Agent-59029 | 57.14% |
| F-Prot | W32/Adware.ALMA (exact, not disinfectable), W32/NetFilter-PUA.B (exact, not disinfectable) | 51.02% |
| Sophos | PUA 'NetFilter' (of type Adware), NetFilter (PUA), Generic PUA EB (PUA) | 44.90% |
| Lavasoft Ad-Aware | Trojan.Generic.15415857, Dropped:Adware.Agent.PPG, Trojan.Generic.14954074, Trojan.Generic.15446755 | 34.69% |
| Reason Heuristics | (M), PUP.YuBao (M) | 26.53% |
| Microsoft Security Essentials | Worm:Win32/NeksMiner.A, Threat.Undefined | 22.45% |
| F-Secure | Application:W32/Generic.70053c248f!Online, Riskware.Application.Generic.1487591, Trojan.Generic.15339704, Variant.Adware.Graftor | 20.41% |

The domain ollyfile.me has been seen to resolve to the following 3 IP addresses.

parkingpage.namecheap.com
July 21, 2016

February 26, 2016

February 1, 2016

File downloads found at URLs served by ollyfile.me.

2 / 68      (Malware)
http://ollyfile.me/.../310714_mb.exe  (cd5jdwe0sattqmwunj5xvwu_has.exe)

9 / 68      (PUP)
http://ollyfile.me/.../291014_nj.exe  (cd5jdwe0sattqmwunj5xvwucd5jdwe0sattqmwunj5xvwucd5jdwe0sattqmwunj5xvwu_nj.exe)

8 / 68      (PUP)
http://ollyfile.me/.../280815_cr.exe  (8492810cddfa62ef14709d71962e5387)

1 / 68      (Malware)
http://ollyfile.me/.../310714_br.exe  (fofffoezoiliwl5vej8op4nvdxfofffoezoiliwl5vej8op4nvdxfofffoezoiliwl5vej8op4nvdx_br.exe)

1 / 68      (PUP)
http://ollyfile.me/.../310714_a10.exe  (fofffoezoiliwl5vej8op4nvdxfofffoezoiliwl5vej8op4nvdx_a10.exe)

URL:
http://ollyfile.me/

Title:
“Em manutencao”

Web server:
nginx/1.0.15 (PHP/5.6.13)