home

fileshare7090.depositfiles.org

SONGUL CORPORATION

Domain Information

Currently this domain has been known to host various forms of malware. The hosted servers are located in Steinsel, Luxembourg within Luxembourg which resides on the RIPE Network Coordination Centre network.
Registrar:
EuroDNS S.A.

Server location:
Luxembourg, Luxembourg (LU)

ASN:
AS5577 ROOT root SA,LU

Root domain:
depositfiles.org

Whois:
1 depositfiles.org record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

Bkav FE
W32.Clod5f1.Trojan
100.00%

McAfee
Artemis!09337AC44479
100.00%

Norman
Suspicious_Gen2.IMZJU
100.00%

Trend Micro House Call
TROJ_SPNR.0CHH12
100.00%

Sophos
Mal/Behav-328
100.00%

Trend Micro
TROJ_SPNR.0CHH12
100.00%

Avira AntiVirus
TR/Agent.kqz.6
100.00%

The domain fileshare7090.depositfiles.org has been seen to resolve to the following 12 IP addresses.

94.242.236.65
ip-static-94-242-236-65.as5577.net
February 9, 2016

94.242.236.61
ip-static-94-242-236-61.as5577.net
February 9, 2016

94.242.236.49
ip-static-94-242-236-49.as5577.net
February 9, 2016

94.242.236.45
ip-static-94-242-236-45.as5577.net
February 9, 2016

94.242.227.207
ip-static-94-242-227-207.as5577.net
February 9, 2016

94.242.227.179
ip-static-94-242-227-179.as5577.net
February 9, 2016

94.242.227.163
ip-static-94-242-227-163.as5577.net
February 9, 2016

94.242.227.159
ip-static-94-242-227-159.as5577.net
February 9, 2016

94.242.227.151
ip-static-94-242-227-151.as5577.net
February 9, 2016

94.242.227.143
ip-static-94-242-227-143.as5577.net
February 9, 2016

94.242.227.135
ip-static-94-242-227-135.as5577.net
February 9, 2016

94.242.236.69
ip-static-94-242-236-69.as5577.net
February 9, 2016

File downloads found at URLs served by fileshare7090.depositfiles.org.

7 / 68      (Malware)
http://fileshare7090.depositfiles.org/auth-1376260656020069b626c58b55dafa72-177.142.82.55-698898294-113660715-guest/.../setup-4.9.7.exe  (09337ac44479089736115afe3e395b28)

The following 5 files have been seen to comunicate with fileshare7090.depositfiles.org in live environments.

TCP » 94.242.227.135:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.143:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.65:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.179:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.236.45:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.69:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.163:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.207:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.135:80
onlineguardian-v2.exe

TCP » 94.242.227.151:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.61:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.179:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.151:80
online-guardian-v2.exe

TCP » 94.242.227.207:80
onlineguardian-v2.exe

TCP » 94.242.236.49:80
online-guardian-v2.0.9.exe

URL:
http://fileshare7090.depositfiles.org/

Title:
“DepositFiles”

Description:
“DepositFiles provides you with a legitimate technical solution, which enables you to upload, store, access and download text, software, scripts, images, sounds, videos, animations and any other materials in form of one or several electronic fil...”

Web server:
nginx

depositfiles.com

dfiles.eu

dfiles.ru

gavitex.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.