home

dl.fakdmr.com

Grupo Blidoo S.L.

Domain Information

The domain dl.fakdmr.com registered by Grupo Blidoo S.L. was initially registered in August of 2013 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Wednesday, August 21, 2013

Expires date:
Friday, August 21, 2015

Updated date:
Monday, August 18, 2014

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
fakdmr.com

Whois:
1 fakdmr.com record

Scanner detections:
Detections  (90% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FIRSERIASL.H, PUP.Solimba, PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba (M)
100.00%

avast!
Win32:Firseria-A [PUP]
22.22%

Dr.Web
Trojan.DownLoader10.14117
22.22%

VIPRE Antivirus
Threat.4782980, Threat.4895151
22.22%

ESET NOD32
Win32/FirseriaInstaller.A potentially unwanted application
22.22%

MicroWorld eScan
Gen:Application.Bundler.Firseria.1
22.22%

Malwarebytes
PUP.Optional.Firser.A
22.22%

K7 AntiVirus
Unwanted-Program
22.22%

Agnitum Outpost
Trojan.ULPM
22.22%

Kaspersky
not-a-virus:Downloader.Win32.Firser
22.22%

Bitdefender
Gen:Application.Bundler.Firseria.1
22.22%

NANO AntiVirus
Trojan.Win32.DownLoader10.cviyhv
22.22%

Sophos
Solimba Installer, PUA 'Solimba Installer'
22.22%

Comodo Security
Application.Win32.Solimba.J
22.22%

Avira AntiVirus
TR/Crypt.ULPM.Gen
22.22%

The domain dl.fakdmr.com has been seen to resolve to the following 6 IP addresses.

23.67.250.112
a23-67-250-112.deploy.static.akamaitechnologies.com
May 5, 2015

23.67.250.121
a23-67-250-121.deploy.static.akamaitechnologies.com
May 5, 2015

23.62.6.51
a23-62-6-51.deploy.static.akamaitechnologies.com
March 1, 2015

23.62.6.90
a23-62-6-90.deploy.static.akamaitechnologies.com
March 1, 2015

23.0.160.66
a23-0-160-66.deploy.static.akamaitechnologies.com
September 5, 2014

23.0.160.16
a23-0-160-16.deploy.static.akamaitechnologies.com
September 5, 2014

File downloads found at URLs served by dl.fakdmr.com.

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.19.2/.../Skype.exe  (75fc94774c2700a364c104cbdd0009bc)

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.19.2/.../Google Chrome.exe  (bafef27ad40a5492b59571b9b933091a)

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.18.4/.../Zune software.exe  (94f8444cdd87142bf7695282c5801776)

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.19.5/.../Magic Photo Editor.exe  (cd73886551586bc4d263b747f8e8b6b1)

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.19.2/.../Google Chrome.exe  (9ab6032af37c2ccb539c2b5ddfde34e5)

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.18.2/.../Spybot Search & Destroy.exe  (7628c976bfbdf38243698645e3533e7c)

1 / 68      (Adware)
http://dl.fakdmr.com/n/3.0.19.2/.../Picasa.exe  (b762c3103943153cfbce3cedbf834ae8)

0 / 68
http://dl.fakdmr.com/n/3.0.18.2/.../AdwCleaner.exe  (adwcleaner_4.112.exe)

28 / 68    (Adware)
http://dl.fakdmr.com/n/3.0.19.2/.../MSN Messenger.exe  (5b7bd1b4c7674581cb4e5b206628661a)

29 / 68    (Adware)
http://dl.fakdmr.com/n/3.0.19.2/.../ImgBurn.exe  (57da0ee4f6f93147ee34d0e83843b5e3)

The following 76 files have been seen to comunicate with dl.fakdmr.com in live environments.

TCP » 23.67.250.112:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 23.0.160.16:80
TWCApp.exe (The Weather Channel App by The Weather Channel)

TCP » 23.0.160.16:80
PSANHost.exe (Cloud Antivirus Platform by Panda Security, S.L)

TCP » 23.0.160.16:80
iafdglafjnbhhfnbdlmageiffbhapked.crx

TCP » 23.0.160.16:80
kifafadhaonpfpdepdjmdmcgmnjieenj.crx

TCP » 23.0.160.16:80
pmkdchokpegklckhiggdmjfjfdlkgmmg.crx

TCP » 23.0.160.16:80
ckkfipncfiigadelehgcbcbemeopmcdg.crx

TCP » 23.0.160.16:80
hfcmajnmfggpkknianiidjfhapbkmdgp.crx

TCP » 23.0.160.16:80
ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx

TCP » 23.0.160.16:80
mclkedoeeehnmdcbjejgkhobkbibkkdk.crx

TCP » 23.0.160.16:80
gmlikmikiobdfcmdfgacgjikmpcfgdkc.crx

TCP » 23.0.160.16:80
lpmmogapccokpnokcdhjfiildnodjgam.crx

TCP » 23.0.160.16:80
ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx

TCP » 23.0.160.16:80
ofbadnfgflalgnlglgchfonmpoiiclig.crx

TCP » 23.0.160.16:80
gmlikmikiobdfcmdfgacgjikmpcfgdkc.crx

TCP » 23.0.160.16:80
oiboaofjhidpibfidnjmnfefaiidodim.crx

TCP » 23.0.160.16:80
gflpcjeoeocanhomdojchhdmmidhgake.crx

TCP » 23.0.160.66:80
total-video-converter-3.71.exe

TCP » 23.0.160.66:80
infonaut-setup-1.10.0.14.exe (Infonaut)

TCP » 23.0.160.66:80
gbgjmckogbhefegcopoangfdofebgjge.crx

 
Latest 20 of 78 files

URL:
http://dl.fakdmr.com/

Web server:
AkamaiGHost

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.