» songr.descargar.es
Overview
Analysis
IPs Addresses (3)
Downloads (6)
Network (5)

songr.descargar.es

Domain Information

Server location:

Madrid, Spain (ES)

ASN:

AS45037 HISPAWEB-NETWORK Propelin Consulting S.L.U.,ES

Root domain:

descargar.es

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.ISfreemium.d, PUP.Vittalia.100Blogs.Bundler (M), PUP.Vittalia.VittaliaInternetSL.Bundler (M), PUP.installCore.FreeSoft (M), PUP.installCore.WorldSet (M)

100.00%

Bkav FE

W32.Clod58a.Trojan

16.67%

McAfee

Artemis!B1229B360815

16.67%

Malwarebytes

PUP.Optional.Freemium.A

16.67%

Trend Micro House Call

TROJ_GEN.F47V1217

16.67%

SUPERAntiSpyware

PUP.InstallCore/Variant

16.67%

Sophos

Install Core Click run software

16.67%

Comodo Security

UnclassifiedMalware

16.67%

Dr.Web

Trojan.Packed.24524

16.67%

VIPRE Antivirus

InstallCore

16.67%

Avira AntiVirus

APPL/InstallCore.dff

16.67%

ESET NOD32

Win32/InstallCore.CX (variant)

16.67%

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

16.67%

herdProtect (fuzzy)

a variant of 7184cc76f5ffdde71c9c002dcc74781963685d01

16.67%

K7 AntiVirus

Unwanted-Program

16.67%

The domain songr.descargar.es has been seen to resolve to the following 3 IP addresses.

109.70.130.155

155.130.70.109.factoriadigital.com

June 19, 2016

185.47.13.82

February 13, 2016

185.57.173.188

February 13, 2016

File downloads found at URLs served by songr.descargar.es.

1 / 68 (Adware)

http://songr.descargar.es/down.php (installer_songr_spanish.exe)

1 / 68 (Adware)

http://songr.descargar.es/down.php (installer_songr_spanish.exe)

1 / 68 (Adware)

http://songr.descargar.es/down.php (installer_songr_spanish.exe)

1 / 68 (Adware)

http://songr.descargar.es/down.php (installer_songr_spanish.exe)

25 / 68 (Adware)

http://songr.descargar.es/down.php?p= (icreinstall_installer_songr_spanish.exe)

1 / 68 (Adware)

http://songr.descargar.es/down.php (installer_songr_spanish.exe)

The following 5 files have been seen to comunicate with songr.descargar.es in live environments.

TCP » 109.70.130.155:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.130.155:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.130.155:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 109.70.130.155:80

cyberclient.exe (CyberPlanet by Proyecto Redes)

TCP » 109.70.130.155:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.