home

dl.hzdmr.com

jianlong song

Domain Information

The domain dl.hzdmr.com registered by jianlong song was initially registered in December of 2015 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
EUTURBO.COM LLC

Server location:
Massachusetts, United States (US)

Create date:
Tuesday, December 22, 2015

Expires date:
Thursday, December 22, 2016

Updated date:
Tuesday, December 22, 2015

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
hzdmr.com

Whois:
3 hzdmr.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
(M), PUP.Installer.FIRSERIASL.J, PUP.Installer.AppsInstallerSL.V, PUP.Installer.AppsInstallerSL.M, PUP.Installer.AppsInstallerSL.I, PUP.Installer.AppsInstallerSL.L, PUP.Installer.AppsInstallerSL.N, PUP.Solimba.AppsInstaller.Installer (M), Win32.Generic, PUP.Solimba.AppsInst.Bundler (M), PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba.PortalPr.Bundler (M), PUP.Solimba (M)
100.00%

Avira AntiVirus
W32/Mabezat, TR/Dropper.Gen, APPL/Solimba.Gen, APPL/Firseria.Gen8, PUA/Solimba.Gen
27.27%

Malwarebytes
PUP.Optional.Solimba.mr, PUP.Optional.Firseria
27.27%

VIPRE Antivirus
DownloadMR, Threat.4782980, Threat.4150696
27.27%

avast!
MSIL:Crypt-KA [PUP], Solimba-C [PUP], Win32:Solimba-C [PUP]
21.21%

K7 AntiVirus
Trojan , Unwanted-Program
21.21%

Sophos
Solimba Installer, DownloadMR
18.18%

Vba32 AntiVirus
Downware.Morstar, TScope.Trojan.MSIL, Signed-Downware.Morstar.AppsInstallerSL
18.18%

AVG
Generic_r, Skodna.Generic, Adware Skodna.Generic.AMG, Bechiro SL, AdInstaller.V
18.18%

Dr.Web
Adware.Downware.1125, Trojan.DownLoader11.24441
18.18%

Comodo Security
Application.Win32.Solimba.GW, Application.Win32.Solimba.LSW
18.18%

Fortinet FortiGate
Adware/Solimba, Riskware/Morstar
18.18%

ESET NOD32
MSIL/Solimba.AB, Win32/FirseriaInstaller (variant), MSIL/Solimba potentially unwanted
15.15%

Kaspersky
not-a-virus:Downloader.NSIS.Agent, not-a-virus:AdWare.Win32.Fiseria, not-a-virus:Downloader.Win32.Morstar
15.15%

NANO AntiVirus
Trojan.Win32.Generic.cskuge, Trojan.Win32.DownLoad3.daevxj, Trojan.Win32.Morstar.dfgpsr, Riskware.Win32.Downloader.cskuky
15.15%

The domain dl.hzdmr.com has been seen to resolve to the following 15 IP addresses.

47.88.33.67
June 22, 2016

104.37.244.200
January 27, 2016

23.62.6.80
a23-62-6-80.deploy.static.akamaitechnologies.com
December 2, 2014

23.62.6.58
a23-62-6-58.deploy.static.akamaitechnologies.com
October 24, 2014

23.62.7.17
a23-62-7-17.deploy.static.akamaitechnologies.com
September 27, 2014

23.62.7.18
a23-62-7-18.deploy.static.akamaitechnologies.com
September 27, 2014

23.62.6.74
a23-62-6-74.deploy.static.akamaitechnologies.com
September 2, 2014

23.62.6.66
a23-62-6-66.deploy.static.akamaitechnologies.com
September 2, 2014

23.67.243.48
May 1, 2014

23.15.8.83
a23-15-8-83.deploy.static.akamaitechnologies.com
January 14, 2014

23.15.8.66
a23-15-8-66.deploy.static.akamaitechnologies.com
January 14, 2014

63.88.100.177
November 16, 2013

63.88.100.194
November 16, 2013

23.67.243.90
November 16, 2013

23.67.243.67
a23-67-243-67.deploy.static.akamaitechnologies.com
November 16, 2013

File downloads found at URLs served by dl.hzdmr.com.

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Avast.exe  (2077b4a49a21cbadcb2dfc708d0cf794)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Stronghold Legends.exe  (2f58661f67c5fa64108a5973703484fa)

1 / 68      (Adware)
http://dl.hzdmr.com/n/3.0.17.6/.../Cuisine et salle de bains 3D.exe  (bed02e81e52af1bd251ab6143495ee37)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../LEGO Marvel Super Heroes.exe  (a8cfc31764afea9cf74b670eee398a10)

1 / 68      (Adware)
http://dl.hzdmr.com/n/3.0.17.6/.../Primal Carnage.exe  (c920b35988fd3060dffe54ef6ad09d2e)

1 / 68      (Adware)
http://dl.hzdmr.com/n/3.0.15.3/.../Descartes.exe  (198b617437898a2e642133ee35434278)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Minecraft.exe  (820bf2b45bf0a2b3a57386dc6c2ae82b)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../BeFunky Photo Editor.exe  (c663839cf4f5bacbf88f38be368dfef5)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../PAST 2.15.exe  (76bc0a3b5f1c75066c5a71a2da4e358a)

1 / 68      (Adware)
http://dl.hzdmr.com/n/3.0.17.6/.../Mediaget.exe  (b51328761b52a1956e3e7029537e8359)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../forgek Dynamic Link Library.exe  (6cb44b99f0a058df4033f343940424c7)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Outlook Express.exe  (9b71b989a0648ca3f78111aa745c6a24)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Alarm Clock.exe  (3f52febaa7be30d7e62e827e1cd16741)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Microsoft Works.exe  (a20c063b31a2cdcb0f4b7a49c1295f0f)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Rayman Gold.exe  (57f8f78a9bf1b9929f56963f522a5264)

26 / 68    (Adware)
http://dl.hzdmr.com/n/3.0.15.3/.../FLVMPlayer.exe  (127014f05718aa22569932ab446611a0)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Video Star.exe  (9d5f11a32a3cb3fea200318c7a52bd79)

1 / 68      (Adware)
http://dl.hzdmr.com/n/.../Easy Photo Print.exe  (00d558b38ac82794bffc03a656866454)

17 / 68    (Adware)
http://dl.hzdmr.com/n/3.0.15.2/.../Edge of Space.exe  (557fe94d3d406d219ba7682aefadbdf4)

17 / 68    (Adware)
http://dl.hzdmr.com/n/.../Edge of Space.exe  (557fe94d3d406d219ba7682aefadbdf4)

32 / 68    (Adware)
http://dl.hzdmr.com/n/.../Youtube Downloader HD.exe  (a727e9f991aae3a52947137659abe5a8)

17 / 68    (Adware)
http://dl.hzdmr.com/n/.../GoToMeeting.exe  (7c17c9b893a3d9afa7d63a7e41ed6216)

13 / 68    (Adware)
http://dl.hzdmr.com/n/3.0.15.3/.../Mediaget.exe  (c0796a214cf5e6aa407af52e20f414a9)

9 / 68      (Adware)
http://dl.hzdmr.com/n/.../Print Artist Platinum.exe  (appinstaller.exe)

7 / 68      (Adware)
http://dl.hzdmr.com/n/3.0.18.1/.../Adobe Acrobat 9 Pro Extended.exe  (installer.exe)

7 / 68      (Adware)
http://dl.hzdmr.com/n/3.0.18.1/.../WinZip.exe  (installer.exe)

The following 332 files have been seen to comunicate with dl.hzdmr.com in live environments.

TCP » 23.15.8.66:80
okmbhmfbghnekneejbbmeofpjoemplee.crx

TCP » 23.15.8.66:80
kgkmmefaeflbkbbamehfkghmmlgnpojl.crx

TCP » 23.15.8.66:80
kelheppgiophoagmlfhpkfkojeafleaa.crx

TCP » 23.15.8.66:80
iobjjcahfhldcakcacmcomhgepfcppkc.crx

TCP » 23.15.8.66:80
okmbhmfbghnekneejbbmeofpjoemplee.crx

TCP » 23.15.8.66:80
iobjjcahfhldcakcacmcomhgepfcppkc.crx

TCP » 23.15.8.66:80
ccdampogcophlelgenihcnlgamgeieca.crx

TCP » 23.15.8.66:80
ankgikcaabhnbjopedljgmgmdbkbdimn.crx

TCP » 23.15.8.66:80
ndimgldellnapmodhcbiindoiljbfnkg.crx

TCP » 23.15.8.66:80
imnmlgndokmgocfabbcnfnjfopjkbinb.crx

TCP » 23.15.8.66:80
iobjjcahfhldcakcacmcomhgepfcppkc.crx

TCP » 23.15.8.83:80
logbcjholopffghddogflajhklgncikg.crx

TCP » 23.15.8.83:80
ibokihboaojdolnlgbejebillmaodnfc.crx

TCP » 23.15.8.83:80
ggjeigokdkknombopfdlicnfbbcebdfc.crx

TCP » 23.15.8.83:80
ibokihboaojdolnlgbejebillmaodnfc.crx

TCP » 23.62.6.66:80
comcastantispyservice.exe

TCP » 23.62.6.66:443
ekrn.exe (ESET Smart Security by ESET)

TCP » 23.62.6.66:80
spd.exe

TCP » 23.62.6.74:80
sManager.exe (by Samsung Electronics CO.)

TCP » 23.62.6.80:80
new_chrome.exe (Google Chrome by Google)

 
Latest 20 of 333 files

URL:
http://dl.hzdmr.com/

Web server:
nginx (PHP/5.3.29)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.