dl.wasdmr.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.wasdmr.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, United States, on the nLayer Communications Internal/Backbone network.
Registrar:
GODADDY.COM, LLC

Server location:
New York, United States (US)

Create date:
Friday, July 05, 2013

Expires date:
Sunday, July 05, 2015

Updated date:
Sunday, July 06, 2014

ASN:
AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FIRSERIASL.J, PUP.Installer.FIRSERIASL.H, PUP.FIRSERIASL.K, PUP.Installer.BechiroSL.E, PUP.Installer.BechiroSL.R, PUP.Installer.PopelerSystemsl.O, PUP.Installer.EilioDevelopmentssl.Q, PUP.Installer.BechiroSL.M, PUP.Solimba.Bechiro.Bundler (M), PUP.Solimba.PortalProgramas (M), PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba.PopelerS.Installer (M), PUP.Solimba.PortalPr (M), PUP.Solimba (M)
100.00%

Malwarebytes
PUP.Optional.Solimba.mr, PUP.Optional.Firseria, .PUP.Optional.Solimba
33.33%

VIPRE Antivirus
DownloadMR, Trojan.Win32.Generic, Threat.4782980, Threat.4150696
33.33%

Avira AntiVirus
TR/Dropper.Gen, APPL/Firseria.Gen, APPL/Solimba.Gen, APPL/Firseria.Gen8, PUA/Solimba.Gen
33.33%

Sophos
Solimba Installer, PUA 'Solimba Installer'
22.92%

Dr.Web
Adware.Downware.1424, Adware.Downware.1433, Adware.Downware.1302, Trojan.DownLoader11.24441
22.92%

AVG
Adware AdInstaller.Firseria, Skodna.Generic, Adware Skodna.Generic.AMG
22.92%

avast!
MSIL:Crypt-KA [PUP], Win32:Solimba-M [PUP], Solimba-Z [PUP], Morstar-U [PUP]
20.83%

ESET NOD32
MSIL/Solimba.AB, Win32/FirseriaInstaller (variant)
20.83%

Kaspersky
not-a-virus:Downloader.Win32.Firser, not-a-virus:Downloader.Win32.Morstar, not-a-virus:Downloader.Win32.Solimba
20.83%

Agnitum Outpost
PUA.Solimba, PUA.Downloader
20.83%

Antiy Labs AVL
Trojan/Win32.TSGeneric, WebToolbar/Win32.Morstar, Trojan[Downloader:not-a-virus]/Win32.Morstar.as, Trojan[Downloader:not-a-virus]/Win32.Solimba.b
20.83%

Vba32 AntiVirus
Signed-Downware.Morstar.FIRSERIA, TScope.Trojan.MSIL, Signed-Downware.Morstar.BechiroSL
20.83%

NANO AntiVirus
Riskware.Win32.Downware.cyaacs, Trojan.Win32.Morstar.delxop, Trojan.Win32.Morstar.dfjxtk, Trojan.Win32.DownLoad3.daevxj
18.75%

G Data
Gen:Application.Bundler.Firseria, Gen:Variant.Application.Bundler.Kazy.132995, MSIL.Application.Solimba, Win32.Application.Solimba
18.75%

The domain dl.wasdmr.com has been seen to resolve to the following 23 IP addresses.

File downloads found at URLs served by dl.wasdmr.com.

Latest 30 of 157 download URLs

The following 564 files have been seen to communicate with dl.wasdmr.com in live environments.

TCP » 54.72.9.51:80

 
Latest 20 of 568 files

URL:
http://dl.wasdmr.com/

Web server:
nginx (PHP/5.5.18)