home

dl.wasdmr.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.wasdmr.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in New York City, New York within the United States which resides on the nLayer Communications Internal/Backbone network.
Registrar:
GODADDY.COM, LLC

Server location:
New York, United States (US)

Create date:
Friday, July 5, 2013

Expires date:
Sunday, July 5, 2015

Updated date:
Sunday, July 6, 2014

ASN:
AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US

Root domain:
wasdmr.com

Whois:
2 wasdmr.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FIRSERIASL.J, PUP.Installer.FIRSERIASL.H, PUP.FIRSERIASL.K, PUP.Installer.BechiroSL.E, PUP.Installer.BechiroSL.R, PUP.Installer.PopelerSystemsl.O, PUP.Installer.EilioDevelopmentssl.Q, PUP.Installer.BechiroSL.M, PUP.Solimba.Bechiro.Bundler (M), PUP.Solimba.PortalProgramas (M), PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba.PopelerS.Installer (M), PUP.Solimba.PortalPr (M), PUP.Solimba (M)
100.00%

Malwarebytes
PUP.Optional.Solimba.mr, PUP.Optional.Firseria, .PUP.Optional.Solimba
33.33%

VIPRE Antivirus
DownloadMR, Trojan.Win32.Generic, Threat.4782980, Threat.4150696
33.33%

Avira AntiVirus
TR/Dropper.Gen, APPL/Firseria.Gen, APPL/Solimba.Gen, APPL/Firseria.Gen8, PUA/Solimba.Gen
33.33%

Sophos
Solimba Installer, PUA 'Solimba Installer'
22.92%

Dr.Web
Adware.Downware.1424, Adware.Downware.1433, Adware.Downware.1302, Trojan.DownLoader11.24441
22.92%

AVG
Adware AdInstaller.Firseria, Skodna.Generic, Adware Skodna.Generic.AMG
22.92%

avast!
MSIL:Crypt-KA [PUP], Win32:Solimba-M [PUP], Solimba-Z [PUP], Morstar-U [PUP]
20.83%

ESET NOD32
MSIL/Solimba.AB, Win32/FirseriaInstaller (variant)
20.83%

Kaspersky
not-a-virus:Downloader.Win32.Firser, not-a-virus:Downloader.Win32.Morstar, not-a-virus:Downloader.Win32.Solimba
20.83%

Agnitum Outpost
PUA.Solimba, PUA.Downloader
20.83%

Vba32 AntiVirus
Signed-Downware.Morstar.FIRSERIA, TScope.Trojan.MSIL, Signed-Downware.Morstar.BechiroSL
20.83%

NANO AntiVirus
Riskware.Win32.Downware.cyaacs, Trojan.Win32.Morstar.delxop, Trojan.Win32.Morstar.dfjxtk, Trojan.Win32.DownLoad3.daevxj
18.75%

G Data
Gen:Application.Bundler.Firseria, Gen:Variant.Application.Bundler.Kazy.132995, MSIL.Application.Solimba, Win32.Application.Solimba
18.75%

K7 AntiVirus
Trojan , Unwanted-Program
18.75%

The domain dl.wasdmr.com has been seen to resolve to the following 23 IP addresses.

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
August 20, 2016

185.53.179.12
August 9, 2016

23.62.7.41
a23-62-7-41.deploy.static.akamaitechnologies.com
November 29, 2014

23.62.7.57
a23-62-7-57.deploy.static.akamaitechnologies.com
November 29, 2014

23.0.160.32
a23-0-160-32.deploy.static.akamaitechnologies.com
September 21, 2014

23.0.160.82
a23-0-160-82.deploy.static.akamaitechnologies.com
September 21, 2014

23.0.160.49
a23-0-160-49.deploy.static.akamaitechnologies.com
September 21, 2014

69.31.29.231
ip-69-31-29-231.nlayer.net
September 18, 2014

69.31.29.191
ip-69-31-29-191.nlayer.net
September 18, 2014

23.62.6.90
a23-62-6-90.deploy.static.akamaitechnologies.com
September 18, 2014

23.62.6.51
a23-62-6-51.deploy.static.akamaitechnologies.com
September 18, 2014

23.67.242.56
a23-67-242-56.deploy.static.akamaitechnologies.com
April 29, 2014

23.67.242.58
a23-67-242-58.deploy.static.akamaitechnologies.com
April 29, 2014

23.67.242.96
a23-67-242-96.deploy.static.akamaitechnologies.com
December 27, 2013

23.67.242.114
a23-67-242-114.deploy.static.akamaitechnologies.com
December 27, 2013

23.67.244.163
a23-67-244-163.deploy.static.akamaitechnologies.com
November 16, 2013

23.67.244.131
a23-67-244-131.deploy.static.akamaitechnologies.com
November 16, 2013

63.88.100.168
November 16, 2013

63.88.100.144
November 16, 2013

23.67.243.18
a23-67-243-18.deploy.static.akamaitechnologies.com
November 16, 2013

23.67.243.91
a23-67-243-91.deploy.static.akamaitechnologies.com
November 16, 2013

23.67.242.27
a23-67-242-27.deploy.static.akamaitechnologies.com
November 16, 2013

23.67.242.66
a23-67-242-66.deploy.static.akamaitechnologies.com
November 16, 2013

File downloads found at URLs served by dl.wasdmr.com.

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Plants VS Zombies.exe  (c9c1a8ac666a534970b606b73c68be1e)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.17.4/.../PhotoScape.exe  (688a0f13b9bc1a0f4fe4f548af436cd4)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../akvis coloriage for mac.exe  (6b165b6e5c1d89b296898c0a3886962f)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.15.2/.../Windows Live Messenger.exe  (7202458d930b9a06598d5dd3b70e26dd)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Plantas contra Zombis.exe  (714a201e549235deb7f8f950f9f5597b)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.17.6/.../MSN Messenger.exe  (ad623d80d3b1d2f734015798571bc72f)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.17.6/.../CutePDF Writer.exe  (7fa80cd821c57f4de92f65af99b0b7c6)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Ares Mod.exe  (1b3e6b96193a70b8ee2006703f378b0c)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.15.3/.../iTunes.exe  (553fb3cf7ad71ec1e9d11085ced69b87)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Photoshop.exe  (14719bdbfc25099f50dc49127e256414)

1 / 68      (Adware)
http://dl.wasdmr.com/n/.../Retrica for PC.exe  (ba7b2c3a1f8a979901e599b4e0798cda)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../The Treasures of Montezuma 2.exe  (efb1e7a137b946bf334dbbd15de7d68c)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Horas trabajo.exe  (04aeddb24b243e95e3fdda22599cf7b6)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Angry Birds Space.exe  (cc9f22c24646b39dfed5e701d86a184c)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Magix Fotos CD & DVD.exe  (9348c38f7ca9ee2ca391121ec43e2e6c)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.17.4/.../Winrar.exe  (88fc3d297fc33fe2080c8d0ac6c8c53e)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Ares MP3.exe  (a3dd33773a8a25e1f8eee0b5df88ae82)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../3D Analyze.exe  (328152d2944c5a344ca737736a4fe25f)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Nero.exe  (2978c74837207912dde267ffae40f6b8)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.17.6/.../iTunes.exe  (95e2c4a619ad1e0b4c68330c36bc8446)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../WinQSB.exe  (651003b8828bfb1db4b74041e1ef0189)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.15.2/.../Google Chrome.exe  (da6c30e60cdc5c344f4f19f7d6b71622)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.17.9/.../PowerDVD.exe  (0fec8fcf4e4c23baa651d8b460cb0d6b)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Governor of Poker 2.exe  (55fed83bb8c1751ff092ba3b714fe82a)

1 / 68      (Adware)
http://dl.wasdmr.com/n/.../iMessage.exe  (eda8b108e1fb38a58bd7870f01cf4d58)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Setup.exe  (93996f3263379e72e80c4c62f4d254d4)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Adobe Flash Player 11.exe  (841399f7c0fd48f3cf9025aaec228545)

22 / 68    (Adware)
http://dl.wasdmr.com/n/3.0.15.3/.../avast! Free Antivirus.exe  (7fe6c8f61f1df579c5cb87543ce3fe23)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.18.1/.../DAEMON Tools.exe  (62f77c1d5e47600b04efa14216b562cc)

1 / 68      (Adware)
http://dl.wasdmr.com/n/3.0.21/.../Nuestro cuerpo.exe  (3c88a9c038e8b92e5aec7f02d4b4f1d1)

 
Latest 30 of 157 download URLs

The following 564 files have been seen to comunicate with dl.wasdmr.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 568 files

URL:
http://dl.wasdmr.com/

Web server:
nginx (PHP/5.5.18)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.