The domain dl.wasdmr.com is registered by proxy through GODADDY.COM, LLC and was originally registered in July of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in New York City, New York, United States, on the nLayer Communications Internal/Backbone network.
Registrant: Domains By Proxy, LLC
Registrar: GODADDY.COM, LLC
Server location: New York, United States (US)
Create date: Friday, July 5, 2013
Expires date: Sunday, July 5, 2015
Updated date: Sunday, July 6, 2014
ASN: AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US
Scanner detections:
Detections (100% detected)
Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.FIRSERIASL.J, PUP.Installer.FIRSERIASL.H, PUP.FIRSERIASL.K, PUP.Installer.BechiroSL.E, PUP.Installer.BechiroSL.R, PUP.Installer.PopelerSystemsl.O, PUP.Installer.EilioDevelopmentssl.Q, PUP.Installer.BechiroSL.M, PUP.Solimba.Bechiro.Bundler (M), PUP.Solimba.PortalProgramas (M), PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba.PopelerS.Installer (M), PUP.Solimba.PortalPr (M), PUP.Solimba (M) | 100.00%
Malwarebytes | PUP.Optional.Solimba.mr, PUP.Optional.Firseria, .PUP.Optional.Solimba | 33.33%
VIPRE Antivirus | DownloadMR, Trojan.Win32.Generic, Threat.4782980, Threat.4150696 | 33.33%
Avira AntiVirus | TR/Dropper.Gen, APPL/Firseria.Gen, APPL/Solimba.Gen, APPL/Firseria.Gen8, PUA/Solimba.Gen | 33.33%
Sophos | Solimba Installer, PUA 'Solimba Installer' | 22.92%
Dr.Web | Adware.Downware.1424, Adware.Downware.1433, Adware.Downware.1302, Trojan.DownLoader11.24441 | 22.92%
AVG | Adware AdInstaller.Firseria, Skodna.Generic, Adware Skodna.Generic.AMG | 22.92%
avast! | MSIL:Crypt-KA [PUP], Win32:Solimba-M [PUP], Solimba-Z [PUP], Morstar-U [PUP] | 20.83%
ESET NOD32 | MSIL/Solimba.AB, Win32/FirseriaInstaller (variant) | 20.83%
Kaspersky | not-a-virus:Downloader.Win32.Firser, not-a-virus:Downloader.Win32.Morstar, not-a-virus:Downloader.Win32.Solimba | 20.83%
Agnitum Outpost | PUA.Solimba, PUA.Downloader | 20.83%
Vba32 AntiVirus | Signed-Downware.Morstar.FIRSERIA, TScope.Trojan.MSIL, Signed-Downware.Morstar.BechiroSL | 20.83%
NANO AntiVirus | Riskware.Win32.Downware.cyaacs, Trojan.Win32.Morstar.delxop, Trojan.Win32.Morstar.dfjxtk, Trojan.Win32.DownLoad3.daevxj | 18.75%
G Data | Gen:Application.Bundler.Firseria, Gen:Variant.Application.Bundler.Kazy.132995, MSIL.Application.Solimba, Win32.Application.Solimba | 18.75%
K7 AntiVirus | Trojan, Unwanted-Program | 18.75%
The domain dl.wasdmr.com has been seen to resolve to the following 23 IP addresses.
File downloads found at URLs served by dl.wasdmr.com.
Latest 30 of 157 download URLs
The following 564 files have been seen to communicate with dl.wasdmr.com in live environments.
URL: http://dl.wasdmr.com/
Web server: nginx (PHP/5.5.18)