dl.f1l3ohqimjjedf0jq.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.f1l3ohqimjjedf0jq.com is registered by proxy through GODADDY.COM, LLC and was originally registered in September of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The servers hosting it are located in Amsterdam, Noord-Holland, in the Netherlands, on the RIPE Network Coordination Centre network.

Registrar: GODADDY.COM, LLC
Server location: Noord-Holland, Netherlands (NL)
Create date: Thursday, September 19, 2013
Expires date: Saturday, September 19, 2015
Updated date: Sunday, May 3, 2015
ASN: AS16265 LEASEWEB LeaseWeb B.V.

Scanner detections:
Detections  (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.BechiroSL.O, PUP.Installer.BechiroSL.F, PUP.Installer.Fileadventure.F, PUP.Installer.Solimba, PUP.Solimba.Bechiro.Bundler (M) | 100.00%
Malwarebytes | PUP.Optional.InstallCore, PUP.Optional.Firseria, PUP.Optional.Ibryte | 95.00%
K7 AntiVirus | Unwanted-Program | 95.00%
VIPRE Antivirus | DownloadMR, Threat.4150696, Trojan.Win32.Generic, Threat.4798837 | 95.00%
G Data | Win32.Application.Morstar, Gen:Application.Bundler.Firseria, Win32.Adware.IBryte | 95.00%
Vba32 AntiVirus | Downware.Morstar, suspected of Trojan.Downloader.gen.h | 95.00%
Rising Antivirus | PE:Malware.FirseriaInstaller!6.17AF, PE:PUF.FirseriaInstaller@CV!1.9C54, PE:Malware.iBryte!6.192B | 95.00%
AVG | BundleApp, Adware BundleApp.H, Found Win32/DH{gRKBEyAlflCBB3lUTxVRgQkcU04} | 95.00%
Comodo Security | Application.Win32.Solimba.L, Application.Win32.FirseriaInstaller.RRB, TrojWare.Win32.Trojan.Obfuscated.~EN, Application.Win32.Ibryte.NW | 82.50%
ESET NOD32 | Win32/FirseriaInstaller (variant) | 70.00%
MicroWorld eScan | Gen:Variant.Strictor.55064, Gen:Application.Bundler.Firseria.1, Gen:Variant.Kazy.439479 | 42.50%
Bitdefender | Gen:Variant.Strictor.55064, Gen:Application.Bundler.Firseria.1, Gen:Variant.Adware.Graftor.161766 | 42.50%
Agnitum Outpost | PUA.Firseria, PUA.Downloader, Riskware.Agent | 42.50%
Dr.Web | Trojan.DownLoader11.4114, Adware.Downware.1433, Trojan.DownLoader11.51174 | 42.50%
Avira AntiVirus | APPL/Firseria.A.15, TR/Crypt.XPACK.Gen, Adware/iBryte.zline | 42.50%

The domain dl.f1l3ohqimjjedf0jq.com has been seen to resolve to the following 7 IP addresses.


File downloads found at URLs served by dl.f1l3ohqimjjedf0jq.com.

URL: http://dl.f1l3ohqimjjedf0jq.com/
Web server: nginx (PHP/5.5.24)