lp2.bongacams24.com

1&1 Internet Inc

Domain Information

The domain lp2.bongacams24.com, registered by 1&1 Internet Inc, was first registered in July 2014 through 1&1 INTERNET SE. The domain is currently known to host various forms of malware. The hosting servers are located in Frankfurt am Main, Hessen, Germany, on the RIPE Network Coordination Centre network.
Registrar: 1&1 INTERNET SE
Server location: Hessen, Germany (DE)
Create date: Monday, July 14, 2014
Expires date: Thursday, July 14, 2016
Updated date: Thursday, March 17, 2016
ASN: AS47846 SEDO-AS Sedo GmbH

Root domain:

Scanner detections: Malware distribution (88% detected)

Scan engine | Details | Detections
Reason Heuristics | Trojan.Downloader (M), Threat.Win.Reputation.IMP | 97.78%
AegisLab AV Signature | DangerousObject.Multi.Gen | 20.00%
Malwarebytes | Trojan.Dropper.Script | 17.78%
Dr.Web | Trojan.Siggen6.55013 | 8.89%
ESET NOD32 | Win32/BitCoinMiner.BY potentially unsafe application | 2.22%

The domain lp2.bongacams24.com has been seen to resolve to the following 2 IP addresses.

redirect.domcollect.com
July 18, 2016

March 3, 2016

File downloads found at URLs served by lp2.bongacams24.com.

1 / 68      (Malware)
http://lp2.bongacams24.com/taskmgr.exe  (82d87f2d05ef7aa3fac8bab6a8586687)

1 / 68      (Malware)
http://lp2.bongacams24.com/WindowsDefender.exe  (56caec3868dd2f2b0ce62affc8b2cfca)

0 / 68
http://lp2.bongacams24.com/msvcr120.dll  (a35afc73f8c5f8868926a1463371e1c0)

0 / 68
http://lp2.bongacams24.com/userinit.exe  (5137d157f10369ba3b43a6e6811535fc)

0 / 68
http://lp2.bongacams24.com/winrshost.exe  (5aef8570b4374583a0d2ee34e571428c)

0 / 68
http://lp2.bongacams24.com/csrss.exe  (6dc849d6f1ebd1bc11187d30eba5bba7)

The following 6 files have been seen to communicate with lp2.bongacams24.com in live environments.

URL: http://lp2.bongacams24.com/
Title: “BongaCams24.com”
Web server: nginx/1.8.1