home

dfd.windowmediaconverter.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dfd.windowmediaconverter.com is registered by proxy through GODADDY.COM, LLC and was originally registered in January of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Sunday, January 6, 2013

Expires date:
Friday, January 6, 2017

Updated date:
Monday, January 18, 2016

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
windowmediaconverter.com

Whois:
3 windowmediaconverter.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Bundlore.F, PUP.Installer.LionSeaSoftwarecoltd.F, PUP.Bundlore.Bundler (M)
100.00%

Dr.Web
Adware.Downware.925, Adware.Downware.830
83.33%

VIPRE Antivirus
Bundlore
83.33%

Malwarebytes
PUP.Optional.Bundlore, PUP.Optional.Bundlore.A
83.33%

Fortinet FortiGate
Adware/WebCake, W32/Adload.NMV!tr.dldr
83.33%

Trend Micro House Call
TROJ_GEN.F47V0507, TROJ_GEN.F47V0406
83.33%

Norman
Agent.ASCUC, Bundlore.CERT
50.00%

ESET NOD32
Win32/Toolbar.Conduit, Win32/TrojanDownloader.Adload.NMV
50.00%

ESET NOD32
Win32/Toolbar.Conduit potentially unwanted application
33.33%

AVG
Adware AdInstaller.Bundlor
33.33%

Sophos
Bundlore
33.33%

avast!
Win32:Bundlore-A [PUP]
16.67%

Bkav FE
W32.Clod357.Trojan
16.67%

McAfee
Artemis!D0AA0A857FBF
16.67%

The domain dfd.windowmediaconverter.com has been seen to resolve to the following 10 IP addresses.

23.62.6.184
a23-62-6-184.deploy.static.akamaitechnologies.com
February 10, 2016

23.62.6.168
a23-62-6-168.deploy.static.akamaitechnologies.com
February 10, 2016

23.3.13.241
a23-3-13-241.deploy.static.akamaitechnologies.com
August 11, 2015

23.3.13.242
a23-3-13-242.deploy.static.akamaitechnologies.com
September 4, 2014

23.3.13.227
a23-3-13-227.deploy.static.akamaitechnologies.com
September 4, 2014

23.67.250.136
a23-67-250-136.deploy.static.akamaitechnologies.com
April 11, 2014

23.67.250.145
a23-67-250-145.deploy.static.akamaitechnologies.com
April 11, 2014

23.67.242.34
a23-67-242-34.deploy.static.akamaitechnologies.com
March 15, 2014

23.67.242.67
a23-67-242-67.deploy.static.akamaitechnologies.com
February 7, 2014

23.67.242.40
a23-67-242-40.deploy.static.akamaitechnologies.com
February 7, 2014

File downloads found at URLs served by dfd.windowmediaconverter.com.

10 / 68    (Adware)
http://dfd.windowmediaconverter.com/download/bin/.../setup.exe  (1bea5671427e8839e7d63ffb7556e47b)

7 / 68      (Adware)
http://dfd.windowmediaconverter.com/download/bin/.../setup.exe  (94df4d0ce499064d436e87bca97cbbfc)

10 / 68    (Adware)
http://dfd.windowmediaconverter.com/download/bin/.../setup.exe  (305f5891c36ee93eda6b0b27e4183054)

7 / 68      (Adware)
http://dfd.windowmediaconverter.com/download/b66/.../setup.exe  (e62e989617b7df6cc43c0e479d67941c)

7 / 68      (Adware)
http://dfd.windowmediaconverter.com/download/bin/.../setup.exe  (e62e989617b7df6cc43c0e479d67941c)

1 / 68      (PUP)
http://dfd.windowmediaconverter.com/download/bin/.../setup.exe  (f3e9dfad3bd81a2a971fb1907b7f1054)

11 / 68    (Adware)
http://dfd.windowmediaconverter.com/download/bin/.../setup.exe  (d5756959f253e331a3a63930a65f0ab4)

The following 36 files have been seen to comunicate with dfd.windowmediaconverter.com in live environments.

TCP » 23.3.13.227:80
browser.exe (Browser)

TCP » 23.3.13.227:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 23.3.13.242:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.3.13.241:80
browser.exe (Browser)

TCP » 23.3.13.241:80
clearscreenplayerbrowser.exe

TCP » 23.62.6.168:80
plugin.exe

TCP » 23.62.6.168:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.3.13.242:80
gamelogin.exe (gamelogin by 337 Technology Limited)

TCP » 23.62.6.168:80
PSANHost.exe (Cloud Antivirus Platform by Panda Security, S.L)

TCP » 23.62.6.168:80
plugin.exe

TCP » 23.67.242.34:80
abadlpnchipkpeikchblnfiicfdoabei.crx

TCP » 23.67.242.34:80
abadlpnchipkpeikchblnfiicfdoabei.crx

TCP » 23.67.242.34:80
mlgcookighdffbceabehaijcollmjloe.crx

TCP » 23.67.242.34:80
eehdkbdjlfcbljimghjcdnnimkhonahp.crx

TCP » 23.67.242.34:80
nongkkjjhbjloiienhkhphhjjlnlnbfe.crx

TCP » 23.67.242.40:80
vprot.exe (VProtect Application)

TCP » 23.67.242.40:80
dkhjlahlbnpiplnkdaolloikfbaoaefm.crx

TCP » 23.67.242.40:80
nnolgbipmflnffgjkplookkecjifejmb.crx

TCP » 23.67.242.67:80
hoghgdndakjkjpjoedpeaflllogoleal.crx

TCP » 23.67.242.67:80
lbfaiggndgpopcfjpjfgabkijhnodoip.crx

 
Latest 20 of 41 files

URL:
http://dfd.windowmediaconverter.com/

Web server:
Apache/2.2.3 (CentOS) (PHP/5.3.26)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.