home

cdnus.wawosodadol.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain cdnus.wawosodadol.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in November of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Frankfurt Am Main, Hessen within Germany which resides on the Leaseweb USA, Inc. network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Hessen, Germany (DE)

Create date:
Thursday, November 21, 2013

Expires date:
Monday, November 21, 2016

Updated date:
Sunday, October 25, 2015

ASN:
AS30633 LEASEWEB-US - Leaseweb USA, Inc.

Root domain:
wawosodadol.com

Whois:
2 wawosodadol.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Dr.Web
Trojan.Packed.24524
100.00%

Vba32 AntiVirus
Downware.InstallCore
100.00%

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
100.00%

Reason Heuristics
PUP.WorldSetup.L, PUP.WorldSetup.H, PUP.WorldSetup.T, PUP.WorldSetup.X, PUP.ironSource
100.00%

K7 AntiVirus
Unwanted-Program
80.00%

Sophos
Install Core
80.00%

Comodo Security
Application.Win32.Installcore.WS, Application.Win32.Installcore.BB
80.00%

VIPRE Antivirus
Trojan.Win32.Generic, InstallCore
80.00%

Avira AntiVirus
ADWARE/InstallCore.Gen7
80.00%

G Data
Win32.Application.InstallCore
80.00%

ESET NOD32
Win32/InstallCore.JE.gen (variant), Win32/InstallCore.IO (variant)
80.00%

AVG
MalSign.Generic, InstallCore, Ransomer
80.00%

Qihoo 360 Security
Win32/Trojan.8c6, HEUR/Malware.QVM20.Gen, Win32/Virus.Adware.94c
80.00%

McAfee
Artemis!824ED9E716BF, Artemis!BD1DD7D12693, Artemis!D98F17DA9E8C
60.00%

Trend Micro House Call
TROJ_GEN.F47V0317, TROJ_GEN.F47V0304, TROJ_GEN.F47V0323
60.00%

The domain cdnus.wawosodadol.com has been seen to resolve to the following 4 IP addresses.

199.58.87.151
hosted-by.leaseweb.com
May 1, 2014

50.115.122.45
50.115.122.45.static.westdc.net
May 1, 2014

199.58.87.155
hosted-by.leaseweb.com
May 1, 2014

74.81.69.244
May 1, 2014

File downloads found at URLs served by cdnus.wawosodadol.com.

16 / 68    (Adware)
http://cdnus.wawosodadol.com/app/Udownloadsoft/.../Firefox.exe  (icreinstall_firefox.exe)

16 / 68    (Adware)
http://cdnus.wawosodadol.com/app/Udownloadsoft/.../AdobeReader.exe  (824ed9e716bf0c95ac2d91423f0de6d6)

16 / 68    (Adware)
http://cdnus.wawosodadol.com/app/Udownloadsoft/.../InternetDownloadManager.exe  (d98f17da9e8c568de56326e489ac589d)

13 / 68    (Adware)
http://cdnus.wawosodadol.com/app/Udownloadsoft/.../InternetDownloadManager.exe  (89ad1f0cc69d6f62c650a4a504c03d9b)

8 / 68      (Adware)
http://cdnus.wawosodadol.com/app/Udownloadsoft/.../Firefox.exe  (36d852912e76cae15dd684bef8f9f6c7)

The following 449 files have been seen to comunicate with cdnus.wawosodadol.com in live environments.

TCP » 50.115.122.45:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 199.58.87.151:80
emuletorrent.exe

TCP » 199.58.87.151:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 50.115.122.45:80
emuletorrent.exe

TCP » 199.58.87.155:80
emuletorrent.exe

TCP » 199.58.87.155:80
ffsetup3.8.0.0.exe (Format Factory by Free Time)

TCP » 199.58.87.155:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 50.115.122.45:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 50.115.122.45:80
ffsetup3.8.0.0.exe (Format Factory by Free Time)

TCP » 199.58.87.151:80
ffsetup3.8.0.0.exe (Format Factory by Free Time)

TCP » 199.58.87.155:80
mediaget_id2634925ids4s.exe (mediaget-installer Module by MediaGet)

TCP » 50.115.122.45:80
mediaget_id2634925ids4s.exe (mediaget-installer Module by MediaGet)

TCP » 199.58.87.151:80
mediaget_id2634925ids4s.exe (mediaget-installer Module by MediaGet)

TCP » 50.115.122.45:80
alcohol120_trial_2.0.2.4713.exe

TCP » 199.58.87.151:80
ffsetup3.8.0.0.exe (Format Factory by Free Time)

TCP » 50.115.122.45:80
ffsetup3.8.0.0.exe (Format Factory by Free Time)

TCP » 50.115.122.45:80
whatsapp_setup.exe (Baliber by Nocu)

TCP » 50.115.122.45:80
skype_7.32.exe (Fotololed)

TCP » 199.58.87.151:80
navifirm-plus_3.2.exe (Fotololed)

TCP » 199.58.87.155:80
freemakemusicboxsetup.tmp

 
Latest 20 of 649 files

URL:
http://cdnus.wawosodadol.com/

Web server:
nginx/1.0.10

ironcdn.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.