The domain dl01.faadmr.com is registered by proxy through GODADDY.COM, LLC and was originally registered in April of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrant:
Domains By Proxy, LLC
Registrar:
GODADDY.COM, LLC
Server location:
Dublin City, Ireland (IE)
Create date:
Thursday, April 25, 2013
Expires date:
Saturday, April 25, 2015
Updated date:
Saturday, April 26, 2014
ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.
Scanner detections:
Detections (100% detected)
Scan engine
Details
Detections
Reason Heuristics
PUP.Installer.FIRSERIASL.J, PUP.FIRSERIASL.V, PUP.Installer.AppsInstallerSL.V, PUP.Installer.AppsInstallerSL.H, PUP.Installer.BechiroSL.V, PUP.Installer.AppsInstallerSL.AA, PUP.Solimba.AppsInstaller.Installer (M), PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba.PopelerSystemsl.Installer (M), PUP.Solimba.PortalPr.Bundler (M), PUP.Solimba.PopelerS.Installer (M), PUP.Solimba.PortalPr (M), PUP.Solimba.AppsInst.Bundler (M), PUP.Solimba (M)
100.00%
VIPRE Antivirus
DownloadMR, Threat.4782980
17.39%
avast!
MSIL:Crypt-KA [PUP], Solimba-C [PUP], Win32:Installer-N [PUP], Win32:Solimba-C [PUP]
15.22%
Avira AntiVirus
TR/Dropper.Gen, APPL/Solimba.Gen
15.22%
ESET NOD32
MSIL/Solimba.AB
13.04%
Dr.Web
Adware.Downware.1125, Adware.Downware.1302
13.04%
Trend Micro House Call
ADW_SOLIMBA, TROJ_GEN.F47V0515, TROJ_GEN.F47V0710, TROJ_SPNV.03KC13, TROJ_GEN.F47V0628
13.04%
Sophos
Solimba Installer, DownloadMR
13.04%
Malwarebytes
PUP.Optional.Solimba.mr
10.87%
Comodo Security
Application.Win32.Solimba.GW, UnclassifiedMalware
10.87%
K7 AntiVirus
Unwanted-Program
8.70%
Agnitum Outpost
PUA.Solimba
8.70%
Trend Micro
ADW_SOLIMBA, TROJ_SPNV.03KC13
8.70%
IKARUS anti.virus
nbsp;
8.70%
Fortinet FortiGate
Adware/Solimba
8.70%
The domain dl01.faadmr.com has been seen to resolve to the following 15 IP addresses.
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
August 19, 2016
a184-51-126-57.deploy.static.akamaitechnologies.com
September 5, 2014
a184-51-126-33.deploy.static.akamaitechnologies.com
September 5, 2014
a23-0-160-48.deploy.static.akamaitechnologies.com
September 2, 2014
a23-0-160-11.deploy.static.akamaitechnologies.com
September 2, 2014
a23-67-250-128.deploy.static.akamaitechnologies.com
June 21, 2014
a23-67-250-112.deploy.static.akamaitechnologies.com
June 21, 2014
a96-16-98-18.deploy.akamaitechnologies.com
December 18, 2013
a96-16-98-8.deploy.akamaitechnologies.com
December 18, 2013
a96-16-98-112.deploy.akamaitechnologies.com
December 18, 2013
a23-67-242-35.deploy.static.akamaitechnologies.com
November 16, 2013
a23-67-242-10.deploy.static.akamaitechnologies.com
November 16, 2013
a23-67-243-96.deploy.static.akamaitechnologies.com
November 16, 2013
File downloads found at URLs served by dl01.faadmr.com.
Latest 30 of 46 download URLs
The following 394 files have been seen to comunicate with dl01.faadmr.com in live environments.
URL:
http://dl01.faadmr.com/
Network:
Amazon Web Services (AWS), running an EC2 instance
Web server:
nginx (PHP/5.5.16)