home

lp1.bongacams24.com

1&1 Internet Inc

Domain Information

The domain lp1.bongacams24.com registered by 1&1 Internet Inc was initially registered in July of 2014 through 1&1 INTERNET SE. Currently this domain has been known to host various forms of malware. The hosted servers are located in Hollywood, Florida within the United States which resides on the Prolexic Technologies, Inc. network.
Registrar:
1&1 INTERNET SE

Server location:
Florida, United States (US)

Create date:
Monday, July 14, 2014

Expires date:
Thursday, July 14, 2016

Updated date:
Thursday, March 17, 2016

ASN:
AS32787 PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK - Prolexic Technologies, Inc.

Root domain:
bongacams24.com

Whois:
2 bongacams24.com records

Scanner detections:
Malware distribution  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
Trojan.Downloader (M)
97.78%

AegisLab AV Signature
DangerousObject.Multi.Gen
33.33%

Dr.Web
Trojan.Coinbit.43, Trojan.Siggen6.55013
26.67%

Malwarebytes
Riskware.BitcoinMiner, Trojan.Dropper.Script
26.67%

Zillya! Antivirus
Tool.BitCoinMiner.Win64.3, Adware.OutBrowse.Win32.80053
11.11%

AVG
BitCoinMiner.D, Generic36
11.11%

IKARUS anti.virus
not-a-virus:RiskTool.BitCoinMiner, Backdoor.Win32.Wencho
4.44%

McAfee
RDN/Generic PUP.x!cmq
2.22%

K7 AntiVirus
Trojan
2.22%

ESET NOD32
Win64/BitCoinMiner.U potentially unsafe (variant)
2.22%

avast!
Win64:Rootkit-gen [Rtk]
2.22%

Clam AntiVirus
Win.Trojan.Bitcoinminer-81
2.22%

Kaspersky
not-a-virus:RiskTool.Win64.BitCoinMiner
2.22%

Sophos
Internet Download Manager - Miner (PUA)
2.22%

G Data
Win64.Riskware.BitCoinMiner
2.22%

The domain lp1.bongacams24.com has been seen to resolve to the following 2 IP addresses.

72.52.4.90
unknown.prolexic.com
July 24, 2016

192.185.16.209
February 27, 2016

File downloads found at URLs served by lp1.bongacams24.com.

0 / 68
http://lp1.bongacams24.com/taskmgr.exe  (0cd57ae2c9c2f8f4a2a4aa0270ab718c)

0 / 68
http://lp1.bongacams24.com/csrss.exe  (3e7e505886720a3ce8152cb66a1195e6)

The following 244 files have been seen to comunicate with lp1.bongacams24.com in live environments.

TCP » 72.52.4.90:80
tbhcn.exe (tcbhn by Blabbers Communications)

TCP » 72.52.4.90:80
tbhcn.exe (tcbhn by Blabbers Communications)

TCP » 72.52.4.90:80
globalupdate.exe (globalUpdate Update by globalUpdate)

TCP » 72.52.4.90:80
kometa.exe (Kometa by @COMPANY_FULLNAME@)

TCP » 72.52.4.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.52.4.90:80
dailybee.exe

TCP » 72.52.4.90:80
pricehorse.exe (by Pay By Ads)

TCP » 72.52.4.90:80
1799877.exe

TCP » 72.52.4.90:80
tbhcn.exe (tcbhn by Blabbers Communications)

TCP » 72.52.4.90:80
bfa0d68f.exe (Client Server Runtime Process by Microsoft)

TCP » 72.52.4.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.52.4.90:80
tasksgr.exe (Process Service Windows by Windows Development)

TCP » 72.52.4.90:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 72.52.4.90:80
CureTraffic.exe (CureTraffic by Vitbian telecom S.L)

TCP » 72.52.4.90:80
online-guardian-v2.0.9.exe

TCP » 72.52.4.90:80
playnowradio.exe (Play now radio by Pay By Ads)

TCP » 72.52.4.90:80
TornTVApp.exe (TornTVApp by TornTV.com)

TCP » 72.52.4.90:80
sys.exe

TCP » 72.52.4.90:80
bestu.exe

TCP » 72.52.4.90:80
fsd814a.exe (Installer)

 
Latest 20 of 250 files

URL:
http://lp1.bongacams24.com/

Title:
“Loading. Please wait...”

Web server:
nginx/1.8.1

callfor.info

goodbe.co

gooqler.com

4shared.net

clipartbest.co

downloadinator.com

eazypaperdownloads.com

eocfiles.com

fileextensionxls.net

filemirchi.info

generaldownload.com

generallydownload.com

itlbg.net

jambolinks.com

knights-of-honor-monument.com

shrinery.net

subpelis.info

tunesynchomestream.com

update-com.info

world-downloads.info

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.