dlh.softportal.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dlh.softportal.com is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2001. Currently this domain has been known to host various forms of malware. The hosted servers are located in Nuremberg, Bayern within Germany which resides on the RIPE Network Coordination Centre network.
Registrar:
GODADDY.COM, LLC

Server location:
Bayern, Germany (DE)

Create date:
Friday, May 18, 2001

Expires date:
Friday, March 01, 2019

Updated date:
Thursday, July 10, 2014

ASN:
AS24940 HETZNER-AS Hetzner Online GmbH,DE

Root domain:

Scanner detections:
Malware distribution  (59% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.MailRu.J, PUP.Installer.ColeWilliams.AA, Win32.Generic
100.00%

ESET NOD32
Win32/HotDownloads (variant), Win32/Toolbar.Widgi (variant)
30.00%

McAfee
Artemis!C5820AC896EE, Artemis!076BB3ABCB92
20.00%

Dr.Web
Adware.Downware.256, Adware.Downware.316
20.00%

McAfee Web Gateway
Artemis!C5820AC896EE, Artemis!076BB3ABCB92
20.00%

Jiangmin
Downloader.LMN.b, Downloader.LMN.i
20.00%

Antiy Labs AVL
Downloader/Win32.LMN.gen, PSWTool/Win32.NetPass.gen
20.00%

Rising Antivirus
Trojan.RuMail!4986
20.00%

IKARUS anti.virus
AdWare.Win32.HotDownloads, not-a-virus:Downloader.Win32.LMN
20.00%

Fortinet FortiGate
Riskware/HotDownloads.AB, W32/HotDownloads
20.00%

Trend Micro House Call
TROJ_GEN.RCBH1KC
10.00%

Kaspersky
not-a-virus:HEUR:Downloader.Win32.LMN
10.00%

Comodo Security
UnclassifiedMalware
10.00%

VIPRE Antivirus
Trojan.Win32.Generic
10.00%

Avira AntiVirus
APPL/SoftContainer.Gen5
10.00%

The domain dlh.softportal.com has been seen to resolve to the following 2 IP addresses.

www.softportal.com
November 19, 2015

December 31, 2013

File downloads found at URLs served by dlh.softportal.com.

1 / 68      (Malware)
http://dlh.softportal.com/b5/6/4/.../idman610.exe  (bad71065ecbc6afed7c3e69af67f52ed)

0 / 68

1 / 68      (Malware)

1 / 68      (Malware)

0 / 68
http://dlh.softportal.com/b7/1/6/.../winzip165.exe  (ec5a51c91a07976bbb2abeff3cc41b07)

0 / 68
http://dlh.softportal.com/b5/2/2/.../astron_install.exe  (b8d6a3310e1332d78343518b95291ee8)

1 / 68      (Malware)
http://dlh.softportal.com/b5/8/6/.../mp3DC213.exe  (65950bc0ec1b6ba8cd8ae58db91f01c7)

0 / 68
http://dlh.softportal.com/b2/1/4/.../avg_isct_x86_all_2013_2890a6006.exe  (avg_isct_x86_all_2013_2890a6006_phoenix-htc.exe)

0 / 68
http://dlh.softportal.com/b6/5/7/.../JAD8017_BASIC.exe  (4fed3d3b5e352e7210f08e5a1f84d19d)

1 / 68      (Malware)

1 / 68      (Malware)
http://dlh.softportal.com/b7/9/8/.../DTLite4402-0131.exe  (5ec1d77403dff71bdbbd59fa5a2831ec)

1 / 68      (Malware)
http://dlh.softportal.com/b7/8/3/.../tcm80x32_64.exe  (eec3164162da6df4efab84ef8bc3e28e)

3 / 68      (PUP)

16 / 68    (PUP)
http://dlh.softportal.com/b5/0/2/.../wrar411ru.exe  (076bb3abcb920572fec8af44e1483bf4)

11 / 68    (PUP)
http://dlh.softportal.com/b1/6/7/.../chemax132.exe  (c5820ac896ee32cb8503f85b61fe75bc)

The following file have been seen to comunicate with dlh.softportal.com in live environments.

URL:
http://dlh.softportal.com/

Google Analytics:
UA-21410459

Title:
“ Windows, Android, Mac”

Description:
“ - ”

Web server:
Apache/2.2.15 (CentOS) (PHP/5.3.3)