75.126.20.73

75.126.20.73-static.reverse.softlayer.com

IP Address Information

The Internet Service Provider (ISP) that owns the network address 75.126.20.73 is SoftLayer Technologies Inc., located in Texas in the United States. The IP address resolves to the DNS record 75.126.20.73-static.reverse.softlayer.com. Currently, 7 domain names use this address. The primary domain hosted on this IP is lfiles3.brothersoft.com, along with 6 other domains, which are known adware distribution web sites.
Scanner detections:
Detections  (56% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Task.KORAMGAMESLIMITED.U, PUP.Optional.Installer.KORAMGAMESLIMITED.O, PUP.Optional.Installer.KORAMGAMESLIMITED.L, PUP.GRETECH.GretechC.Installer.Meta (L), PUP.Optional.Installer.HH, Win32.Generic.KORAMGAMES.Installer.Meta, PUP.InstallCore.RE.Installer (M), PUP.InstallCore.RE11 (M), PUP.Conduit.Bundler (M), PUP.Conduit.Installer (M)
68.57%

ESET NOD32
Win32/OpenCandy, Win32/Bundled.Toolbar.Google, Win32/Toolbar.Conduit (variant), Win32/BSDownloader (variant), Win32/InstallCore.UE (variant)
45.71%

K7 AntiVirus
Unwanted-Program
28.57%

K7 Gateway Antivirus
Unwanted-Program
28.57%

Trend Micro House Call
ADW_OPENCANDY, TROJ_GEN.F47V0911, Suspicious_GEN.F47V0908, Suspicious_GEN.F47V0616, Suspicious_GEN.F47V0816
28.57%

Kaspersky
not-a-virus:NetTool.Win32.GushUnleashed, HEUR:Trojan-DDoS.Win32.OrboDDoS
20.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4786140, Threat.4150696, Brothersoft Downloader
20.00%

AVG
OpenCandy, Generic, Adware BundleApp
20.00%

Dr.Web
DDoS.Siggen.539, Adware.OpenCandy.51, Trojan.InstallCore.38, Trojan.MulDrop5.38502, Detection.Undefined
17.14%

Baidu Antivirus
HackTool.Win32.GushUnleashed, Unnamed.Threat, Adware.Win32.OpenCandy, Adware.Win32.InstallCore
17.14%

The following domains resolved to the IP address 75.126.20.73.

File URLs downloaded from 75.126.20.73.

1 / 68      (PUP)

0 / 68

1 / 68      (inconclusive)

0 / 68

0 / 68
http://files.brothersoft.com/dvd_video/.../tvc371.exe  (31fdff0b9721bf11c567ea490cd0aae6)

1 / 68      (Adware)
http://lfiles3.brothersoft.com/games/.../Transformers_Demo_US.exe  (icreinstall_installer_for_transformers_the_game.exe)

14 / 68    (PUP)
http://files.brothersoft.com/internet/.../VDownloaderInstaller.exe  (cdcec59944a8a24cf56eded072cb6425844f45b7d799e0d95db23f960a0174aa)

1 / 68      (Adware)
http://lfiles3.brothersoft.com/games/new/sports/.../fifa05_pc_dl_demo_003.exe  (icreinstall_installer_for_fifa_soccer_2005.exe)

1 / 68      (PUP)
http://lfiles3.brothersoft.com/games/new/shooting_games/.../avp2mpdemo2.exe  (installer_for_aliens_vs_predator_2_multiplayer.exe)

1 / 68      (Adware)
http://lfiles3.brothersoft.com/games/new/sports/.../pes2010_pc_demo_setup.exe  (icreinstall_installer_for_pes_2010_pro_evolution_soccer_2010.exe)

1 / 68      (PUP)

13 / 68    (PUP)
http://files.brothersoft.com/photograph_graphics/.../XnView-win-small.exe  (0b769db8f5a68116bd7a180f9c0bffd1aaace61014e9fda16ecdf03934b926da)

10 / 68    (PUP)

0 / 68
http://lfiles3.brothersoft.com/business/.../X12-30263.exe  (5b19faf2386ac8f9730deb82a4b93780)

5 / 68      (PUP)

1 / 68      (Malware)
http://lfiles3.brothersoft.com/games/new/rpg/.../h3demo.exe  (installer_for_heroes_of_might_and_magic_iii.exe)

1 / 68      (Malware)

1 / 68      (Malware)

8 / 68      (PUP)
http://files.brothersoft.com/utilities/.../ms-dos.exe  (brothersoft_downloader_for_ms_dos.exe)

15 / 68    (PUP)
http://files.brothersoft.com/internet/.../OrbitDM.exe  (601c231b9179e8a26c32b7ea768ff9fa)

15 / 68    (PUP)

1 / 68      (PUP)

9 / 68      (PUP)
http://files.brothersoft.com/security/.../spybotsd-2.1.21-SR2.exe  (icreinstall_brothersoft_downloader_for_spybot_search_destroy.exe)

1 / 68      (inconclusive)
http://files.brothersoft.com/business/.../ctimer.exe  (ebd2a7d3ad4924f4c8da98c5e5d68f3b)

1 / 68

 
Latest 30 of 516 download URLs

The following 10 files have been seen to communicate with this IP address in live environments.

The geographical location of this IP address.

Country:
United States (US)

Region:
Texas

City:
Dallas

Coordinates:
32.9395, -96.8387

The ARIN network assigned organization for IP address 75.126.20.73.

Org name:
SoftLayer Technologies Inc.

Org identifier:
SOFTL

Org country:
United States (US)

Org region:
Texas

Org city:
Dallas

Org address:
4849 Alpha Rd.

ARIN WHOIS:
NetRange: 75.126.0.0 - 75.126.255.255
CIDR: 75.126.0.0/16
OriginAS: AS36351
NetName: SOFTLAYER-4-3
NetHandle: NET-75-126-0-0-1
Parent: NET-75-0-0-0-0
NetType: Direct Allocation
RegDate: 2006-05-12
Updated: 2013-07-12
Ref: http://whois.arin.net/rest/net/NET-75-126-0-0-1

OrgName: SoftLayer Technologies Inc.
OrgId: SOFTL
Address: 4849 Alpha Rd.
City: Dallas
StateProv: TX
PostalCode: 75244
Country: US
RegDate: 2005-10-26
Updated: 2013-02-20
Ref: http://whois.arin.net/rest/org/SOFTL

ReferralServer: rwhois://rwhois.softlayer.com:4321

OrgTechHandle: IPADM258-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-214-442-0600
OrgTechEmail: ipadmin@softlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/IPADM258-ARIN

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-442-0601
OrgAbuseEmail: abuse@softlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE1025-ARIN

RNOCHandle: IPADM258-ARIN
RNOCName: IP Admin
RNOCPhone: +1-214-442-0600
RNOCEmail: ipadmin@softlayer.com
RNOCRef: http://whois.arin.net/rest/poc/IPADM258-ARIN

RTechHandle: IPADM258-ARIN
RTechName: IP Admin
RTechPhone: +1-214-442-0600
RTechEmail: ipadmin@softlayer.com
RTechRef: http://whois.arin.net/rest/poc/IPADM258-ARIN

RAbuseHandle: ABUSE1025-ARIN
RAbuseName: Abuse
RAbusePhone: +1-214-442-0601
RAbuseEmail: abuse@softlayer.com
RAbuseRef: http://whois.arin.net/rest/poc/ABUSE1025-ARIN


Autonomous System Assignment
ASNumber:
36351

ASName:
SOFTLAYER - SoftLayer Technologies Inc.

ASHandle:
AS36351
