home

www.mmdhost.info

Chang and Co

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Beaumaris, Victoria within Australia which resides on the Asia Pacific Network Information Centre network.
Registrar:
Above.com Pty Ltd.

Server location:
Victoria, Australia (AU)

ASN:
AS133618 TRELLIAN-AS-AP Trellian Pty. Limited,AU

Root domain:
mmdhost.info

Whois:
2 mmdhost.info records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Bestopapp.U, PUP.VASSANAKONGSOONGNERN.Q, PUP.Installer.ITLGROUP.e, PUP.installCore.Bestopapp.Installer (M), PUP.installCore.Bestopap.Installer (M)
100.00%

VIPRE Antivirus
Threat.4788237, Threat.4150696, CoolMirage Ltd, Trojan.Win32.Generic
55.56%

McAfee
CryptInno, Artemis!B01AA10E5A9E, Artemis!6ADC153F5730, Artemis!82E44C463EE1
55.56%

K7 AntiVirus
Unwanted-Program , Adware
55.56%

Sophos
Install Core Click run software, Generic PUA EG, Generic PUA FH, Generic PUA KO
55.56%

AVG
Generic
55.56%

Dr.Web
Trojan.Packed.24524, Adware.Downware.8319
44.44%

Avira AntiVirus
ADWARE/InstallCore.Gen7, ADWARE/InstallCore.Gen9, Adware/Yontoo.72664.1, ADWARE/Adware.Gen4
44.44%

G Data
Win32.Application.InstallCore.CI, NSIS.Application.Adload, Win32.Virtob.Gen.12
33.33%

Trend Micro House Call
Suspicious_GEN.F47V1129, Suspicious_GEN.F47V1205, PE_VIRUX.R
33.33%

Kaspersky
not-a-virus:AdWare.NSIS.Yontoo, not-a-virus:AdWare.Win32.Amonetize
33.33%

ESET NOD32
NSIS/TrojanDownloader.Adload.AA, Win32/Amonetize.CH (variant)
33.33%

Comodo Security
Application.Win32.InstallCore.MZIV
22.22%

Malwarebytes
PUP.Optional.Bestop, PUP.Optional.Amonetize
22.22%

ESET NOD32
Win32/InstallCore.QH potentially unwanted application
11.11%

The domain www.mmdhost.info has been seen to resolve to the following 4 IP addresses.

103.224.212.244
lb-212-244.above.com
February 20, 2016

54.209.210.98
ec2-54-209-210-98.compute-1.amazonaws.com
December 30, 2014

107.23.164.229
ec2-107-23-164-229.compute-1.amazonaws.com
November 29, 2014

107.21.51.147
ec2-107-21-51-147.compute-1.amazonaws.com
October 20, 2014

File downloads found at URLs served by www.mmdhost.info.

1 / 68      (Adware)
http://www.mmdhost.info/3fddfe63-56dc-424b-a44f-3cd2fe02a5d3  (downloadmanagersetup.exe)

1 / 68      (Adware)
http://www.mmdhost.info/3fddfe63-56dc-424b-a44f-3cd2fe02a5d3?subid=mobit  (downloadmanagersetup.exe)

1 / 68      (Adware)
http://www.mmdhost.info/3fddfe63-56dc-424b-a44f-3cd2fe02a5d3?subid=mobit  (downloadmanagersetup.exe)

1 / 68      (Adware)
http://www.mmdhost.info/3fddfe63-56dc-424b-a44f-3cd2fe02a5d3?subid=soft_CH  (downloadmanagersetup.exe)

31 / 68    (Adware)
http://www.mmdhost.info/click  (flashplayer__10154_i1418287139_il172.exe)

11 / 68    (Adware)
http://www.mmdhost.info/click  (flvplayer-chrome.exe)

12 / 68    (Adware)
http://www.mmdhost.info/click  (flvplayer-chrome.exe)

15 / 68    (Adware)
http://www.mmdhost.info/3fddfe63-56dc-424b-a44f-3cd2fe02a5d3?subid=mobit  (downloadmanagersetup.exe)

9 / 68      (Adware)
http://www.mmdhost.info/3fddfe63-56dc-424b-a44f-3cd2fe02a5d3?subid=soft_CH  (downloadmanagersetup.exe)

The following 4 files have been seen to comunicate with www.mmdhost.info in live environments.

TCP » 103.224.212.244:1177
trojan.exe

TCP » 54.209.210.98:80
client.exe

TCP » 103.224.212.244:1117
imdcsc.exe (Remote Service Application by Microsoft)

TCP » 54.209.210.98:80
client_iobitdel.exe

URL:
http://www.mmdhost.info/

Title:
“mmdhost.info”

Web server:
Apache

jbtrax.net

pchealthcheckup.net

pcsoftupdate.com

trkxz.com

adtrkx.com

demshot.info

javaupdatewizard.com

trackvoluum.com

vidarama.info

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.