home

mydl.hexaweb.net

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain mydl.hexaweb.net is registered by proxy through ENOM, INC. and was originally registered in April of 2011. Currently this domain has been known to host various forms of malware. The hosted servers are located in Roubaix, Nord-Pas-De-Calais within France which resides on the RIPE Network Coordination Centre network.
Registrar:
ENOM, INC.

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Saturday, April 2, 2011

Expires date:
Thursday, April 2, 2020

Updated date:
Thursday, October 17, 2013

ASN:
AS16276 OVH OVH SAS,FR

Root domain:
hexaweb.net

Whois:
1 hexaweb.net record

Scanner detections:
Malware distribution  (85% detected)

Scan engine
Details
Detections

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra, Threat.4657539
61.54%

Vba32 AntiVirus
TrojanDropper.Dapato, suspected of Trojan.Downloader.gen.h
61.54%

McAfee
Artemis!A942B3D27808, Artemis!C97614C14996, RDN/Downloader.a!tx, Artemis!D2CF23C94B75, RDN/Generic.bfr!hw, Artemis!FF8DA545FD18
53.85%

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Solimba.Bechiro (M)
46.15%

Trend Micro House Call
TROJ_GEN.R0CBH07FT14, Suspicious_GEN.F47V0616, TROJ_GEN.R047C0EL714, TROJ_GEN.R047C0EJT14, TROJ_GEN.R0C1H05A215
46.15%

Baidu Antivirus
Trojan.Win32.Dapato, Hacktool.Win32.Downloader, Trojan.Win32.Badur, Hacktool.Win32.Agent
46.15%

Qihoo 360 Security
Win32/Trojan.Dropper.a9d, HEUR/QVM42.0.Malware.Gen, HEUR/Malware.QVM20.Gen
46.15%

K7 AntiVirus
Riskware , Trojan-Downloader
38.46%

Kaspersky
Trojan-Dropper.Win32.Dapato, UDS:DangerousObject.Multi.Generic, Trojan.Win32.Badur
38.46%

Sophos
Mal/Generic-S, Generic PUA EL, Generic PUA KL
38.46%

Malwarebytes
Trojan.Downloader.Agent
38.46%

avast!
Win32:Dropper-gen [Drp], Win32:Malware-gen
30.77%

Agnitum Outpost
Trojan.Agent
23.08%

Quick Heal
TrojanDropper.Dapato.r5
23.08%

NANO AntiVirus
Trojan.Win32.Blocker.dbnfux
23.08%

The domain mydl.hexaweb.net has been seen to resolve to the following 3 IP addresses.

94.23.21.229
ns366973.ip-94-23-21.eu
April 6, 2016

178.33.228.198
ns338802.ip-178-33-228.eu
May 5, 2015

79.143.179.169
ip-169-179-143-79.static.contabo.net
May 31, 2014

File downloads found at URLs served by mydl.hexaweb.net.

23 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=4d0e0b6312d5f974517eb20e56877bc5&id_a=30e3ef6f998  (flv-hd.exe)

1 / 68      (Malware)
http://mydl.hexaweb.net/clic.php?id_c=88e5bbd8b751cd04fa73f94f5657ec43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

1 / 68      (inconclusive)
http://mydl.hexaweb.net/clic.php?id_c=88e5bbd8b751cd04fa73f94f5657ec43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

10 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998  (flv-hd.exe)

1 / 68      (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

7 / 68      (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998  (flv-hd.exe)

1 / 68      (Adware)
http://mydl.hexaweb.net/clic.php?id_c=65718c802a3a0d800a06cd0855c13d9b&id_a=30e3ef6f998&host=fk  (flv_media_player.exe)

16 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=88e5bbd8b751cd04fa73f94f5657ec43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

16 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=0ccfae3344de8849dd45df502fc4fb2a&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

23 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=65718c802a3a0d800a06cd0855c13d9b&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

20 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=eb062815c8c99542ed28dcbd2d9cb259&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

15 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

20 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=88e5bbd8b751cd04fa73f94f5657ec43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

20 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=65718c802a3a0d800a06cd0855c13d9b&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

20 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998  (flv-hd.exe)

2 / 68      (inconclusive)
http://mydl.hexaweb.net/clic.php?id_c=65718c802a3a0d800a06cd0855c13d9b&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

15 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=710bc1e577bc06098989432c73aa6cd5&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

20 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=8774789b9d8943f286989dfe98b5dcb2&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

6 / 68      (Malware)
http://mydl.hexaweb.net/clic.php?id_c=8774789b9d8943f286989dfe98b5dcb2&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

16 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=1fdc89664c9d17343c6712ba6e5835e8&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

16 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998&host=fk  (flv-hd.exe)

16 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998  (flv-hd.exe)

15 / 68    (Malware)
http://mydl.hexaweb.net/clic.php?id_c=a725a3f3a0eaadf84c232213fc9d1b43&id_a=30e3ef6f998  (flv-hd.exe)

URL:
http://mydl.hexaweb.net/

Web server:
Apache (PHP/5.5.33)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.