home

api.downloadmr.com

FIRSERIA, S.L.  (via a Proxy Registrant)

Domain Information

The domain api.downloadmr.com is registered by proxy through GODADDY.COM, LLC and was originally registered in December of 2010. This domain has been seen distributing various forms of adware (some being very aggressive) directly or via bundled installations. The hosted servers are located in Amsterdam, Noord-Holland within Netherlands which resides on the RIPE Network Coordination Centre network. The domain is associated with the publisher FIRSERIA, S.L. who is located in Badalona, Barcelona in Spain.
Registrar:
GODADDY.COM, LLC

Server location:
Noord-Holland, Netherlands (NL)

Create date:
Monday, December 20, 2010

Expires date:
Tuesday, December 20, 2016

Updated date:
Monday, October 20, 2014

ASN:
AS16265 FIBERRING LeaseWeb B.V.

Root domain:
downloadmr.com

Whois:
2 downloadmr.com records

Scanner detections:
Adware distribution

Scan engine
Details
Detections

Bkav FE
W32.Clod966.Trojan
50.00%

Reason Heuristics
PUP.InstallX.Bundle
50.00%

ESET NOD32
Win32/Toolbar.Conduit
50.00%

Panda Antivirus
PUP/Conduit.A
50.00%

The domain api.downloadmr.com has been seen to resolve to the following 11 IP addresses.

52.201.162.61
ec2-52-201-162-61.compute-1.amazonaws.com
May 15, 2016

52.201.40.16
ec2-52-201-40-16.compute-1.amazonaws.com
May 15, 2016

52.200.45.104
ec2-52-200-45-104.compute-1.amazonaws.com
April 5, 2016

52.21.5.35
ec2-52-21-5-35.compute-1.amazonaws.com
April 5, 2016

52.0.64.164
ec2-52-0-64-164.compute-1.amazonaws.com
March 4, 2016

52.22.236.126
ec2-52-22-236-126.compute-1.amazonaws.com
March 4, 2016

52.4.214.140
ec2-52-4-214-140.compute-1.amazonaws.com
February 29, 2016

52.22.177.73
ec2-52-22-177-73.compute-1.amazonaws.com
February 29, 2016

52.7.125.65
ec2-52-7-125-65.compute-1.amazonaws.com
February 1, 2016

52.4.53.6
ec2-52-4-53-6.compute-1.amazonaws.com
February 1, 2016

95.211.39.161
halw1.1e111.net
March 14, 2014

File downloads found at URLs served by api.downloadmr.com.

0 / 68
http://api.downloadmr.com/installer/50d1d9d5-cf90-407c-820a-35e05bc06f2f/.../open?i=t&n=f&v=3.0.17.6  (wlsetup-web.exe)

0 / 68
http://api.downloadmr.com/installer/50d1d9d5-cf90-407c-820a-35e05bc06f2f/.../open?i=f&n=f  (wlsetup.exe)

2 / 68
http://api.downloadmr.com/installer/5193805b-c284-4f85-b972-26465bc06f2f/.../open?i=f&n=f&v=3.0.17.6  (winzip165es-32.exe)

2 / 68      (PUP)
http://api.downloadmr.com/installer/50d1d9d5-cf90-407c-820a-35e05bc06f2f/.../open?i=t&n=f&v=3.0.17.6  (7z920.exe)

0 / 68
http://api.downloadmr.com/installer/50d1d9d5-cf90-407c-820a-35e05bc06f2f/.../open  (google-chrome-26.0.1410.43-en.exe)

0 / 68
http://api.downloadmr.com/installer/50d1d9d5-cf90-407c-820a-35e05bc06f2f/.../open  (avast_free_antivirus_setup.exe)

0 / 68
http://api.downloadmr.com/installer/50d1d9d5-cf90-407c-820a-35e05bc06f2f/.../open?i=f&n=f&v=3.0.13.0  (dotNetFx45_Full_setup.exe)

0 / 68
http://api.downloadmr.com/installer/512e4fc0-18d4-4361-bb1e-3ca05bc06f2f/.../open  (SFXCAB.EXE)

The following file have been seen to comunicate with api.downloadmr.com in live environments.

TCP » 95.211.39.161:80
WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

URL:
http://api.downloadmr.com/

Web server:
nginx

winportal.com

descargargratis.com

socdn.com

pc-file.info

download366.com

download-best-games.com

win-install.com

downloadaixeechahgho.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.