» d.provideodownloader.com
Overview
Analysis
IPs Addresses (16)
Downloads (2)
Network (16)
Website Detail

d.provideodownloader.com

Data Beat Solutions, LLC (via a Proxy Registrant)

Domain Information

The domain d.provideodownloader.com is registered by proxy through GODADDY.COM, LLC and was originally registered in June of 2011. This domain has been known to host and distribute potentially unwanted software. The hosted servers are located in Seattle, Washington within the United States which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Cloudfront CDN service which utilizes a number of proxy IP Addresses (see below). The domain is associated with the publisher Data Beat Solutions, LLC who is located in San Diego, California in the United States.

Registrant:

Domains By Proxy, LLC on behalf of Data Beat Solutions, LLC

Registrar:

GODADDY.COM, LLC

Server location:

Washington, United States (US)

Create date:

Monday, June 6, 2011

Expires date:

Sunday, January 1, 2017

Updated date:

Saturday, January 2, 2016

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

provideodownloader.com

Whois:

1 provideodownloader.com record

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.Installer.DataBeatSolutions.F, PUP.Injekt.DataBeat.Installer (M)

100.00%

Bkav FE

W32.Clodd67.Trojan

50.00%

McAfee

Artemis!9A2E058F3554

50.00%

Malwarebytes

PUP.Optional.SearchDonkey.A

50.00%

Norman

Malware

50.00%

Trend Micro House Call

TROJ_GEN.F47V1011

50.00%

avast!

Win32:BHO-AMO [PUP]

50.00%

Dr.Web

Adware.Plugin.128

50.00%

VIPRE Antivirus

SearchDonkey

50.00%

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

50.00%

ESET NOD32

Win32/ExFriendAlert (variant)

50.00%

The domain d.provideodownloader.com has been seen to resolve to the following 16 IP addresses.

52.84.125.219

server-52-84-125-219.iad16.r.cloudfront.net

June 3, 2016

52.84.125.134

server-52-84-125-134.iad16.r.cloudfront.net

June 3, 2016

52.84.125.77

server-52-84-125-77.iad16.r.cloudfront.net

June 3, 2016

52.84.125.61

server-52-84-125-61.iad16.r.cloudfront.net

June 3, 2016

52.84.125.38

server-52-84-125-38.iad16.r.cloudfront.net

June 3, 2016

52.84.125.12

server-52-84-125-12.iad16.r.cloudfront.net

June 3, 2016

52.84.125.246

server-52-84-125-246.iad16.r.cloudfront.net

June 3, 2016

52.84.125.226

server-52-84-125-226.iad16.r.cloudfront.net

June 3, 2016

52.85.131.165

server-52-85-131-165.iad53.r.cloudfront.net

April 16, 2016

52.85.131.100

server-52-85-131-100.iad53.r.cloudfront.net

April 16, 2016

52.85.131.94

server-52-85-131-94.iad53.r.cloudfront.net

April 16, 2016

52.85.131.70

server-52-85-131-70.iad53.r.cloudfront.net

April 16, 2016

52.85.131.57

server-52-85-131-57.iad53.r.cloudfront.net

April 16, 2016

52.85.131.34

server-52-85-131-34.iad53.r.cloudfront.net

April 16, 2016

52.85.131.21

server-52-85-131-21.iad53.r.cloudfront.net

April 16, 2016

52.85.131.218

server-52-85-131-218.iad53.r.cloudfront.net

April 16, 2016

File downloads found at URLs served by d.provideodownloader.com.

1 / 68 (Adware)

http://d.provideodownloader.com/ProVideoDownloader/322/.../Setup.exe (d6cc5aaae4c30ee3102a7e10be9d00ea)

11 / 68 (Adware)

http://d.provideodownloader.com/ProVideoDownloader/63301/.../Setup.exe (9a2e058f35546245a2a84db7f899c719)

The following 16 files have been seen to comunicate with d.provideodownloader.com in live environments.

TCP » 52.84.125.61:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.226:80

se.exe

TCP » 52.84.125.12:443

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.61:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.12:80

UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.12:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.77:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.12:443

UCBrowser.exe (by UCWeb)

TCP » 52.84.125.77:80

new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.84.125.12:80

Mobogenie.exe (Mobogenie by Mobogenie.com)

TCP » 52.84.125.38:443

ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

TCP » 52.84.125.12:80

browser.exe (speed browser by Smart Applications)

TCP » 52.84.125.226:443

online-guardian-v2.0.9.exe

TCP » 52.84.125.226:443

ManyCam.exe (ManyCam Virtual Webcam by Visicom Media)

TCP » 52.84.125.226:80

Trezaa.Service.exe (Trezaa.Service by Microsoft)

TCP » 52.84.125.77:443

secureassist.exe (SecureAssist.exe by SecureAssist)

TCP » 52.84.125.134:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.219:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.219:80

browser.exe (Browser)

TCP » 52.84.125.226:80

rlvknlg.exe (Relevant-Knowledge by TMRG)

Latest 20 of 38 files

URL:

http://d.provideodownloader.com/

Network:

Amazon Cloudfront

Web server:

AmazonS3

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.