home

www.dllspy.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain www.dllspy.com is registered by proxy through ENOM, INC. and was originally registered in September of 2015. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Registrar:
ENOM, INC.

Server location:
Arizona, United States (US)

Create date:
Thursday, September 10, 2015

Expires date:
Sunday, September 10, 2017

Updated date:
Tuesday, January 19, 2016

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US

Root domain:
dllspy.com

Whois:
2 dllspy.com records

The domain www.dllspy.com has been seen to resolve to the following 3 IP addresses.

104.27.176.181
December 5, 2015

104.27.177.181
December 5, 2015

107.180.43.74
ip-107-180-43-74.ip.secureserver.net
October 1, 2015

File downloads found at URLs served by www.dllspy.com.

0 / 68
http://www.dllspy.com/wp-content/uploads/2015/.../amtlib.dll_.zip  (92b9e19c81adb417c86c961b2195e916)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../sdkencryptedappticket.dll.zip  (df5ebd9704825fffb440187712fe9189)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../deformerdlly.dll.zip  (d2f2e7995b88c7baa4a8f57a9ecfc15c)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../HP1006D.DLL.zip  (fe2476b3b391fee3f5d4b92ef98e0c9e)

0 / 68
http://www.dllspy.com/wp-content/uploads/2015/.../D3DCompiler_43.dll_.zip  (7056e2593856095454b3c526b847f258)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../vfobju.dll.zip  (81a3b747b0155ce47d77a45ca2a066c4)

1 / 68      (Malware)
http://www.dllspy.com/wp-content/uploads/2015/.../3DMGAME.dll_.zip  (rebuilt.difxapi.dll)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../atiuxp64.dll.zip  (0b752e4df121c9abb7bfc1c5cc01b2a4)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../atiu9p64.dll.zip  (940b8f0db2d9caedd7b20ca27ea6f2f2)

0 / 68
http://www.dllspy.com/wp-content/uploads//DllFileOthers/.../GFSDK_ShadowLib.win64.dll.zip  (ab4e83581fe27935d7c5839b38b61f10)

0 / 68
http://www.dllspy.com/wp-content/uploads/2015/.../msvcp110.dll_.zip  (msvcp110.dll.zip)

1 / 68      (Malware)
http://www.dllspy.com/wp-content/uploads//DllFileOthers/.../GFSDK_ShadowLib.win64.dll.zip  (rebuilt.difxapi.dll)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../libusbmuxd.dll.zip  (e5fb38f1deb39557d8737a52435abc37)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../PhysXExtensions64.dll.zip  (3d7edec7d4817c388122421fcdac4715)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../steam_api64.dll.zip  (47574230692c8b76f074c1155252978f)

0 / 68
http://www.dllspy.com/wp-content/uploads//DllFileOthers/.../msvcp140.dll.zip  (fafa9d654d0dece71a392d085eec5fd2)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../System.ServiceModel.Internals.dll.zip  (e77a12e31e0b2ee4b065531da6c9d2d8)

0 / 68
http://www.dllspy.com/wp-content/uploads//DllFileOthers/.../DuiLib.dll.zip  (3c44c30d8d3969906734ae42bda84ecb)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../hpr.dll.zip  (3dc9d8d0f17b1231da001277fe73658d)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../TaskKeyHook.dll.zip  (da03c02991080cc0f6234f341f090192)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../iusb3mon.dll.zip  (2f8336eb7530c52e7fbb571d5965b180)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../twitchsdk_32_release.dll.zip  (ccaadd5e324bd1a5f0e1ebc26ff350a1)

0 / 68
http://www.dllspy.com/wp-content/uploads/2015/.../bink2w64.dll_.zip  (bink2w64.dll.zip)

0 / 68
http://www.dllspy.com/wp-content/uploads/.../AdvrCntr6.zip  (92d24f4ec5cfbabb07a32c5f82238b31)

0 / 68
http://www.dllspy.com/wp-content/uploads//DLLFOUND/.../System.Windows.Controls.Pivot.dll.zip  (6db47e93b9999bd451a6aa3737d65c74)

5 / 68      (PUP)
http://www.dllspy.com/wp-content/uploads/2015/.../amtlib.dll_.zip  (fa22222ee73fc705df22940d4dfbe1a1)

3 / 68      (inconclusive)
http://www.dllspy.com/wp-content/uploads/2015/.../3DMGAME.dll_.zip  (d1d4cabda08171eb39bf1248bc96007e)

The following 6 files have been seen to comunicate with www.dllspy.com in live environments.

TCP » 107.180.43.74:80
online-guardian-v2.0.9.exe

TCP » 107.180.43.74:80
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 107.180.43.74:80
online-guardian-v2.0.9.exe

TCP » 107.180.43.74:80
onlineguardian-v2.exe

TCP » 107.180.43.74:80
produpd.exe (produpd.exe by Vested Development, Inc)

TCP » 107.180.43.74:80
UCBrowser.exe (UC Browser by UCWeb)

URL:
http://www.dllspy.com/

Title:
“Download free dll files”

SSL certificate subject:
CN=sni175736.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (PHP/5.6.9)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.