home

fileshare2010.depositfiles.com

SONGUL CORPORATION

Domain Information

The domain fileshare2010.depositfiles.com registered by SONGUL CORPORATION was initially registered in November of 2005 through EURODNS S.A. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Steinsel, Luxembourg within Luxembourg which resides on the RIPE Network Coordination Centre network.
Registrar:
EURODNS S.A

Server location:
Luxembourg, Luxembourg (LU)

Create date:
Saturday, November 5, 2005

Expires date:
Sunday, November 5, 2017

Updated date:
Monday, July 28, 2014

ASN:
AS5577 ROOT root SA,LU

Root domain:
depositfiles.com

Whois:
1 depositfiles.com record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Sophos
CheatEngine
100.00%

ESET NOD32
Win32/OpenCandy
100.00%

Bkav FE
W32.Clod6d7.Trojan
100.00%

K7 AntiVirus
Unwanted-Program
100.00%

Baidu Antivirus
Trojan.Win32.Agent
100.00%

avast!
Win32:Rootkit-gen [Rtk]
100.00%

The domain fileshare2010.depositfiles.com has been seen to resolve to the following 12 IP addresses.

94.242.236.61
ip-static-94-242-236-61.as5577.net
April 4, 2016

94.242.236.49
ip-static-94-242-236-49.as5577.net
April 4, 2016

94.242.236.45
ip-static-94-242-236-45.as5577.net
April 4, 2016

94.242.236.41
ip-static-94-242-236-41.as5577.net
April 4, 2016

94.242.227.187
ip-static-94-242-227-187.as5577.net
April 4, 2016

94.242.227.171
ip-static-94-242-227-171.as5577.net
April 4, 2016

94.242.227.163
ip-static-94-242-227-163.as5577.net
April 4, 2016

94.242.227.155
ip-static-94-242-227-155.as5577.net
April 4, 2016

94.242.227.147
ip-static-94-242-227-147.as5577.net
April 4, 2016

94.242.227.143
ip-static-94-242-227-143.as5577.net
April 4, 2016

94.242.236.73
ip-static-94-242-236-73.server.lu
April 4, 2016

94.242.236.65
ip-static-94-242-236-65.as5577.net
April 4, 2016

File downloads found at URLs served by fileshare2010.depositfiles.com.

6 / 68      (PUP)
http://fileshare2010.depositfiles.com/auth-1397081501add7c782003c4db1d8602b-173.218.254.174-1409859939-146817026-guest/.../CheatEngine62.exe  (c5d6710acf98584c151c213530bc7032)

The following 4 files have been seen to comunicate with fileshare2010.depositfiles.com in live environments.

TCP » 94.242.227.155:80
onlineguardian-v2.exe

TCP » 94.242.227.143:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.65:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.147:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.227.155:80
onlineguardian-v2.exe

TCP » 94.242.236.45:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.73:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.163:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.187:80
onlineguardian-v2.exe

TCP » 94.242.227.187:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.61:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.73:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.227.147:443
online-guardian-v2.0.9.exe

TCP » 94.242.227.147:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.155:443
online-guardian-v2.0.9.exe

TCP » 94.242.227.171:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.49:80
online-guardian-v2.0.9.exe

URL:
http://fileshare2010.depositfiles.com/

Title:
“DepositFiles”

Description:
“DepositFiles provides you with a legitimate technical solution, which enables you to upload, store, access and download text, software, scripts, images, sounds, videos, animations and any other materials in form of one or several electronic fil...”

Web server:
nginx

depositfiles.org

dfiles.eu

dfiles.ru

gavitex.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.