The domain dl.f1l3ohqimjjedf0jq.com is registered by proxy through GODADDY.COM, LLC and was originally registered in September 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Amsterdam, Noord-Holland, in the Netherlands, on the RIPE Network Coordination Centre network.
Registrant: Domains By Proxy, LLC
Registrar: GODADDY.COM, LLC
Server location: Noord-Holland, Netherlands (NL)
Create date: Thursday, September 19, 2013
Expires date: Saturday, September 19, 2015
Updated date: Sunday, May 3, 2015
ASN: AS16265 LEASEWEB LeaseWeb B.V.
Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.BechiroSL.O, PUP.Installer.BechiroSL.F, PUP.Installer.Fileadventure.F, PUP.Installer.Solimba, PUP.Solimba.Bechiro.Bundler (M) | 100.00% |
| Malwarebytes | PUP.Optional.InstallCore, PUP.Optional.Firseria, PUP.Optional.Ibryte | 95.00% |
| K7 AntiVirus | Unwanted-Program | 95.00% |
| VIPRE Antivirus | DownloadMR, Threat.4150696, Trojan.Win32.Generic, Threat.4798837 | 95.00% |
| G Data | Win32.Application.Morstar, Gen:Application.Bundler.Firseria, Win32.Adware.IBryte | 95.00% |
| Vba32 AntiVirus | Downware.Morstar, suspected of Trojan.Downloader.gen.h | 95.00% |
| Rising Antivirus | PE:Malware.FirseriaInstaller!6.17AF, PE:PUF.FirseriaInstaller@CV!1.9C54, PE:Malware.iBryte!6.192B | 95.00% |
| AVG | BundleApp, Adware BundleApp.H, Found Win32/DH{gRKBEyAlflCBB3lUTxVRgQkcU04} | 95.00% |
| Comodo Security | Application.Win32.Solimba.L, Application.Win32.FirseriaInstaller.RRB, TrojWare.Win32.Trojan.Obfuscated.~EN, Application.Win32.Ibryte.NW | 82.50% |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 70.00% |
| MicroWorld eScan | Gen:Variant.Strictor.55064, Gen:Application.Bundler.Firseria.1, Gen:Variant.Kazy.439479 | 42.50% |
| Bitdefender | Gen:Variant.Strictor.55064, Gen:Application.Bundler.Firseria.1, Gen:Variant.Adware.Graftor.161766 | 42.50% |
| Agnitum Outpost | PUA.Firseria, PUA.Downloader, Riskware.Agent | 42.50% |
| Dr.Web | Trojan.DownLoader11.4114, Adware.Downware.1433, Trojan.DownLoader11.51174 | 42.50% |
| Avira AntiVirus | APPL/Firseria.A.15, TR/Crypt.XPACK.Gen, Adware/iBryte.zline | 42.50% |

The domain dl.f1l3ohqimjjedf0jq.com has been seen to resolve to the following 7 IP addresses.

| Host | Date |
| --- | --- |
| ec2-54-225-146-71.compute-1.amazonaws.com | May 3, 2015 |
| ec2-54-225-92-8.compute-1.amazonaws.com | May 3, 2015 |
| ec2-54-235-219-29.compute-1.amazonaws.com | December 11, 2014 |
| ec2-75-101-142-114.compute-1.amazonaws.com | December 11, 2014 |
| ec2-75-101-156-240.compute-1.amazonaws.com | September 3, 2014 |
| ec2-54-197-235-95.compute-1.amazonaws.com | September 3, 2014 |
| hadl.lw100.1e111.net | November 19, 2013 |

File downloads found at URLs served by dl.f1l3ohqimjjedf0jq.com.
URL: http://dl.f1l3ohqimjjedf0jq.com/
Web server: nginx (PHP/5.5.24)