home

dhc.freewindowsmediaconverter.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dhc.freewindowsmediaconverter.com is registered by proxy through GODADDY.COM, LLC and was originally registered in February of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Wednesday, February 13, 2013

Expires date:
Thursday, February 13, 2014

Updated date:
Wednesday, February 13, 2013

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
freewindowsmediaconverter.com

Whois:
1 freewindowsmediaconverter.com record

Scanner detections:
Detections  (85% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Bundlore.F, PUP.Installer.IronInstall.F, PUP.Installer.Bundlore.I, PUP.Tuguu.Bundler (M), PUP.Tuguu.TuguuSL.Bundler (M)
100.00%

VIPRE Antivirus
Bundlore, InstallCore
72.73%

avast!
Win32:Bundlore-A [PUP], Win32:Installer-I [PUP]
72.73%

Dr.Web
Adware.Downware.925
63.64%

Bkav FE
W32.Clod357.Trojan, W32.Clodc14.Trojan, W32.Clodd04.Trojan
54.55%

ESET NOD32
Win32/Toolbar.Conduit, Win32/InstallCore.BH (variant)
54.55%

Malwarebytes
PUP.Optional.Bundlore
45.45%

Fortinet FortiGate
Adware/WebCake
45.45%

Norman
Agent.ASCUC, Bundlore.CERT
45.45%

Trend Micro House Call
TROJ_GEN.F47V0507, TROJ_GEN.F47V0510, TROJ_GEN.F47V0517, TROJ_GEN.R002H05IT14
45.45%

McAfee
Artemis!D0AA0A857FBF, Artemis!B469EB85CBB3
45.45%

Sophos
Generic PUA JD, Bundlore
18.18%

K7 AntiVirus
Trojan
9.09%

Avira AntiVirus
ADWARE/InstallCore.Gen
9.09%

Boost by Reason
Adware.Installer.IronInstall.F
9.09%

The domain dhc.freewindowsmediaconverter.com has been seen to resolve to the following 4 IP addresses.

23.67.242.35
a23-67-242-35.deploy.static.akamaitechnologies.com
November 19, 2013

23.67.242.80
a23-67-242-80.deploy.static.akamaitechnologies.com
November 19, 2013

63.88.100.152
November 17, 2013

63.88.100.139
November 17, 2013

File downloads found at URLs served by dhc.freewindowsmediaconverter.com.

13 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b101/.../video_downloader.exe  (setup.exe)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b97/.../video_downloader.exe  (setup.exe)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b106/.../setup.exe  (d5756959f253e331a3a63930a65f0ab4)

1 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/b105/.../setup.exe  (9c6a20197611d52a9af6ef00f7ebcab6)

1 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/b105/.../setup.exe  (80a75655b005ed53c67fa0ca2414cc03)

1 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/b106/.../setup.exe  (4d90c6af1be7b67e464e5308a2fdccde)

0 / 68
http://dhc.freewindowsmediaconverter.com/download/b97/.../video_downloader.exe  (chrome.exe)

0 / 68
http://dhc.freewindowsmediaconverter.com/download/b104/.../setup.exe  (34a1009b0e4f8a089e9f6a404946dfd6)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b85/.../video_downloader.exe  (setup.exe)

5 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/b94/.../setup.exe  (3d12c5b154b256a5f4d858237a882061)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b100/.../video_downloader.exe  (setup.exe)

5 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/b90/.../video_downloader.exe  (setup.exe)

5 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/b94/.../video_downloader.exe  (setup.exe)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b97/.../setup.exe  (34c6623059d968513a66b08323ca220f)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b106/.../video_downloader.exe  (setup.exe)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b105/.../setup.exe  (d5756959f253e331a3a63930a65f0ab4)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b102/.../video_downloader.exe  (setup.exe)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b103/.../video_downloader.exe  (setup.exe)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b104/.../video_downloader.exe  (setup.exe)

8 / 68      (Adware)
http://dhc.freewindowsmediaconverter.com/download/start_download_ww-IC/.../setup.exe  (599f29c5e6af5397de1ae680a010e2b3)

11 / 68    (Adware)
http://dhc.freewindowsmediaconverter.com/download/b107/.../setup.exe  (d5756959f253e331a3a63930a65f0ab4)

The following 53 files have been seen to comunicate with dhc.freewindowsmediaconverter.com in live environments.

TCP » 23.67.242.35:80
drop_to_s.crx

TCP » 23.67.242.35:80
facelift.crx

TCP » 23.67.242.35:80
new_tab.crx

TCP » 23.67.242.35:80
facelift.crx

TCP » 23.67.242.35:80
facebook.crx

TCP » 23.67.242.35:80
goipcfdihomaoojgckmhigcogbnpncaf.crx

TCP » 23.67.242.35:80
Client.exe

TCP » 23.67.242.35:80
gagdebbdflpnhgahjichmoigigfbbmon.crx

TCP » 23.67.242.35:80
eopkijkcgpoililocaolmakddpiekljc.crx

TCP » 23.67.242.35:80
jmanhnpbjfimadidojfmbkeilpjimbnk.crx

TCP » 23.67.242.35:80
gmnhkhnkokdagfhdhphaejgjakkjekam.crx

TCP » 23.67.242.80:80
ippenodjaoidmkkfdlmdhofiebnpjddb.crx

TCP » 23.67.242.80:80
ibokihboaojdolnlgbejebillmaodnfc.crx

TCP » 23.67.242.80:80
ckehiapfbolghghlmopccocfnncldmao.crx

TCP » 23.67.242.80:80
jofaljhnpafkgaegcnganfcehmgicdoi.crx

TCP » 63.88.100.139:80
toolbarcr.crx

TCP » 63.88.100.139:80
toolbar.crx

TCP » 63.88.100.139:80
pfhnkainfgebjkhaoadlkjgjhhgpbohg.crx

TCP » 63.88.100.139:80
bddliligffobaljnkoggdijkcobadcco.crx

TCP » 63.88.100.139:80
toolbar.crx

 
Latest 20 of 53 files

URL:
http://dhc.freewindowsmediaconverter.com/

Web server:
Apache/2.2.3 (CentOS)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.