home

fileshare7520.depositfiles.org

SONGUL CORPORATION

Domain Information

Currently this domain has been known to host various forms of malware. The hosted servers are located in Steinsel, Luxembourg within Luxembourg which resides on the RIPE Network Coordination Centre network.
Registrar:
EuroDNS S.A.

Server location:
Luxembourg, Luxembourg (LU)

ASN:
AS5577 ROOT root SA,LU

Root domain:
depositfiles.org

Whois:
1 depositfiles.org record

Scanner detections:
Malware distribution  (100% detected)

Scan engine
Details
Detections

MicroWorld eScan
Gen:Heur.Crifi.2
100.00%

K7 AntiVirus
Trojan
100.00%

Agnitum Outpost
HackTool.Crack
100.00%

Trend Micro House Call
TROJ_GEN.RCBH1K2
100.00%

Kaspersky
Trojan.Win32.Chifrax
100.00%

Bitdefender
Gen:Heur.Crifi.2
100.00%

NANO AntiVirus
Trojan.Win32.Crack.wovtt
100.00%

Sophos
Mal/Chifrax-A
100.00%

F-Secure
Gen:Heur.Crifi.2
100.00%

Trend Micro
TROJ_SPNR.0CCR12
100.00%

G Data
Gen:Heur.Crifi
100.00%

ESET NOD32
Win32/HackTool.Crack (variant)
100.00%

Rising Antivirus
Dropper.Win32.Droper.cdd
100.00%

Fortinet FortiGate
W32/Chifrax.A!tr
100.00%

The domain fileshare7520.depositfiles.org has been seen to resolve to the following 12 IP addresses.

94.242.227.203
ip-static-94-242-227-203.as5577.net
April 19, 2016

94.242.227.195
ip-static-94-242-227-195.as5577.net
April 19, 2016

94.242.227.191
ip-static-94-242-227-191.as5577.net
April 19, 2016

94.242.227.187
ip-static-94-242-227-187.as5577.net
April 19, 2016

94.242.227.167
ip-static-94-242-227-167.as5577.net
April 19, 2016

94.242.227.163
ip-static-94-242-227-163.as5577.net
April 19, 2016

94.242.227.147
ip-static-94-242-227-147.as5577.net
April 19, 2016

94.242.227.135
ip-static-94-242-227-135.as5577.net
April 19, 2016

94.242.236.65
ip-static-94-242-236-65.as5577.net
April 19, 2016

94.242.236.57
ip-static-94-242-236-57.as5577.net
April 19, 2016

94.242.236.45
ip-static-94-242-236-45.as5577.net
April 19, 2016

94.242.227.207
ip-static-94-242-227-207.as5577.net
April 19, 2016

File downloads found at URLs served by fileshare7520.depositfiles.org.

14 / 68    (Malware)
http://fileshare7520.depositfiles.org/auth-1370927109cf4ddb73951a54e88c2ba9-186.122.44.119-505412539-112516880-guest/.../Setup.exe  (limbo.exe)

The following 5 files have been seen to comunicate with fileshare7520.depositfiles.org in live environments.

TCP » 94.242.227.135:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.203:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.236.65:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.57:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.147:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 94.242.227.191:80
online-guardian-v2.0.9.exe

TCP » 94.242.236.45:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.167:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.203:80
onlineguardian-v2.exe

TCP » 94.242.227.163:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.187:80
onlineguardian-v2.exe

TCP » 94.242.227.187:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.195:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.203:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.207:80
online-guardian-v2.0.9.exe

TCP » 94.242.227.135:80
onlineguardian-v2.exe

TCP » 94.242.236.57:80
online-guardian-v2.exe

TCP » 94.242.227.167:443
online-guardian-v2.0.9.exe

TCP » 94.242.227.203:80
online-guardian-v2.exe

TCP » 94.242.227.203:443
online-guardian-v2.0.9.exe

 
Latest 20 of 27 files

URL:
http://fileshare7520.depositfiles.org/

Title:
“DepositFiles”

Description:
“DepositFiles provides you with a legitimate technical solution, which enables you to upload, store, access and download text, software, scripts, images, sounds, videos, animations and any other materials in form of one or several electronic fil...”

Web server:
nginx

depositfiles.com

dfiles.eu

dfiles.ru

gavitex.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.